Communication terminal, control device, and base station

ABSTRACT

A transmitting side UE 1 and a receiving side UE 2 are both connected to a given E-Node B. The transmitting side UE 1 divides a transmission packet addressed to UE 2 into a first packet to be transmitted via a route not passing through a given access gateway and a second packet to be transmitted via a route passing through the given access gateway, and the packets are transmitted to the given E-Node B. The E-Node B transmits the first packet to UE 2 and also transmits the second packet to the access gateway. The access gateway receives the second packet and transmits it to the E-Node B. The E-Node B receives the second packet transmitted from the access gateway and transmits it to UE 2. UE 2 receives the first packet and the second packet and synthesizes them to restore the initial packet.

This is a continuation application of application Ser. No. 12/438,480 filed Feb. 23, 2009, which is a national stage of PCT/JP2007/066416 filed Aug. 24, 2007, which is based on Japanese patent application no. 2006-228348 filed on Aug. 24, 2006, Japanese application no. 2006-294475 filed Oct. 30, 2006, and Japanese application no. 2007-009331 filed Jan. 18, 2007, the entire contents of each of which are incorporated by reference herein.

TECHNICAL FIELD

The present invention relates to a communication system using a packet network, a communication method, a radio terminal, a radio relay device, and a control device.

BACKGROUND ART

As described in the Non-Patent Documents 1 and 2 as given below, an architecture shown in FIG. 15 is proposed as a configuration of the next generation network of 3rd Generation Partnership Project (3GPP; registered trademark). In FIG. 15, user equipments (hereinafter referred to as “UE” or “UEs”) UE 101 and UE 102 are connected to base stations E-Nodes B (Evolved Nodes B) 103 and 104 respectively via radio wave. Further, the base stations 103 and 104 are connected to access gateway (ACGW; or MME/UPE) 105, which is a control device on network side and connected via wired means. ACGW 105 performs user authentication processing by using a user authentication device 106, and it is judged whether UE 101 and UE 102 should be connected to the network or not. Also, by using a charging control device 107, various types of information including the conditions of use such as the amount of packets for charging the fees to UE 101 and UE 102 (PCRF; Policy Control and Charging Rules Function) are collected. Also, the data of user plane is encrypted between ACGW 105 on one side and UE 101 and UE 102 on the other side respectively.

First, description will be given on a flow of packets between UE 101 and UE 102. The transmitting side UE 101 generates packets to be transmitted to the receiving side UE 102. The generated packets are encrypted to ACGW 105, and the encrypted packet is transmitted to ACGW 105. When the transmitting side UE 101 transmits the encrypted packet, the base station 103 receives the encrypted packet from UE 101 and transfers it to ACGW 105. ACGW 105 receives the encrypted packet from UE 101 and decrypts the packet. Further, ACGW 105 encrypts the packet addressed to the destination of the packet, i.e. UE 102, and transmits the encrypted packet. The base station 104 receives the encrypted packet from ACGW 105 and transfers it to the receiving side UE 102. The receiving side UE 102 receives the encrypted packet from ACGW 105 and decrypts it, and the packet from the transmitting side UE 101 is processed by the receiving processing. Such is the flow of the packet between UE-UE.

As the prior art of data division, the scalable audio coding as described in the Non-Patent Document 3 and the Patent Document 1 is known, in which sound (audio) signals are divided in bands, and each band is encoded individually.

-   Non-Patent Document 1: 3GPP (registered trademark) Technical Report 23.882; draft V1.1.0 (2006 April).
-   Non-Patent Document 2: 3GPP (registered trademark) Technical Report 25.813; V0.9.2 (2006 May).
-   Non-Patent Document 3: “Wideband Speech Coding Robust against Packet Loss”; Takeshi Mori, et al.; Collection of the Articles presented at the Institute of Electronics, Information and Communication Engineers (IEICE); 2005 July, Vol. J88-DII No. 7, pp. 1103-1113.
-   Patent Document 1: Japanese Patent Application Publication No. 2003-241799 (Abstract)

However, in the flow of packets between UE-UE as described above, if UE 101 (UE1) and UE 102 (UE2) are connected to the same base station 103 as shown in FIG. 1, a packet transmitted by UE 101 flows in the order of UE 101→base station 103→ACGW 105→base station 103→UE 102 [the route (2)]. That is, in the route (2), the data is transferred via a route to and from ACGW 105 and the base station 103. As described above, according to the method of the prior art, when UE 101 and UE 102, which are performing packet communication, are connected to the same base station 103, the network resources between the base station 103 and ACGW 105 are consumed uselessly and cannot be used efficiently. ACGW 105 performs communication with a multiple of UEs, and the processing to decrypt the packets from UE and the processing to encrypt the packet to be transferred must be carried out, and a problem arises that much burden is placed on ACGW 105.

Incidentally, when UE 101 and UE 102 are connected to the same base station 103 as shown in FIG. 1, a route can be conceived, by which the packet is transmitted to and from the base station 103 and does not pass through ACGW 105 [route (1)]. However, for the purpose of protecting the user data from the attacks such as lawful interception, encryption must be adopted on the devices at the positions closer to the new network from E-Node B, i.e. between UE and ACGW. Also, for the purpose of communication control, e.g. for the purpose of charging the fees on user data on the network side, operators may require to count the number of packets on the devices closer to the network side or may require to perform lawful interception when necessary. It is difficult to meet such demands by the method as described above.

DISCLOSURE OF THE INVENTION

To solve the problems in the prior art as described above, it is an object of the present invention to provide a communication system, a communication method, a radio terminal, a radio relay device and a control device, by which it is possible to efficiently use network resources when a transmitting side radio terminal and a receiving side radio terminal are connected to the same radio relay device, to reduce the burden on the control device and to control the communication of the radio terminals by the control device.

To attain the above object, the present invention provides a communication system, said communication system comprises a radio relay device for performing radio communication with radio terminals with each other and a control device for performing packet transfer to and from said radio relay device and for controlling radio communication between said radio terminal and said radio relay device, wherein:

when a transmitting side radio terminal and a receiving side radio terminal are connected to the same radio relay device, said transmitting side radio terminal divides a transmitting packet addressed to said receiving side radio terminal into a first packet to be transmitted via a route not passing through said control device and a second packet to be transmitted via said control device, and transmits said first packet and said second packet to said radio relay device;

said radio relay device receives said first packet and said second packet transmitted from the transmitting side radio terminal and transmits said first packet to said receiving side radio terminal and transmits said second packet to said control device;

said control device receives said second packet transmitted from said radio relay device and transmits it to said radio relay device;

said radio relay device receives said second packet transmitted from said control device and transmits it to said receiving side radio terminal; and

said receiving side radio terminal receives said first packet and said second packet transmitted from said radio relay device and restores the initial packet.

By the arrangement as described above, when a transmitting side radio terminal and a receiving side radio terminal are connected to the same radio relay device, a transmission packet addressed to the receiving side radio terminal is divided into a first packet to be transmitted via a route not passing through a control device and a second packet to be transmitted via the control device. As a result, it is possible to efficiently utilize the network resources, to reduce the burden on the control device, and to control the communication between the radio terminals by the control device.

The first packet to be transmitted via a route not passing through the control device contains an extended audio data when the band of audio signal is divided into a fundamental audio data in low frequency range and an extended audio data in high frequency range, and the second packet to be transmitted via the control device contains the fundamental audio data. Also, among an intra-screen coding data where image signal is encoded only within a screen and an inter-screen difference prediction coding data where inter-screen difference is encoded by prediction coding, the first packet to be transmitted via a route not passing through the control device contains the inter-screen difference prediction coding data, and the second packet to be transmitted via the control device contains the intra-screen coding data.

Also, the present invention provides the communication system as described above, wherein:

said transmitting side radio terminal encrypts the transmitting data to be transmitted to said receiving side radio terminal and generates said first packet excluding identification data to decrypt said encrypted data on said receiving side radio terminal, and generates said second packet containing said identification data; and

said receiving side radio terminal puts said identification data in said second packet to a portion where said identification data is cut off in said first packet, and decrypts said encrypted data in said first packet.

Further, the present invention provides the communication system as described above, wherein:

said transmitting side radio terminal encrypts the transmitting data to be transmitted to said receiving side radio terminal, generates said first packet excluding identification data to decrypt said encrypted data on the receiving side radio terminal and a part of said encrypted data, and generates said second packet containing said identification data and said part of said encrypted data; and

said receiving side radio terminal puts a part of said identification data and said part of said encrypted data in said second packet to a portion where a part of said identification data and said part of said encrypted data are cut off in said first packet and decrypts said encrypted data in said first packet.

Also, the present invention provides the communication system as described above, wherein:

said transmitting side radio terminal encrypts the transmitting data to be transmitted to said receiving side radio terminal, generates said first packet excluding a part of data necessary for decrypting said encrypted data on the receiving side radio terminal, and generates said second packet containing said part of the data necessary for said decrypting; and

said receiving side radio terminal puts said part of data necessary for said decryption in said second packet to a portion in said first packet where said part of the data necessary for said decrypting is cut off, and decrypts said encrypted data in said first packet.

With the arrangement as described above, it is possible to maintain security of communication even when the first packet is transmitted via a route not passing through the control device. Also, because the initial data cannot be restored if both of the first packet and the second packet do not reach the receiving side radio terminal, the system side or the network side can control the direct communication between user equipments.
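
The split and reassembly described above, as an added Python example that is not part of the patent text. The identification data is modelled as a 12-byte nonce and the withheld part of the encrypted data as its first 8 bytes; the header layout, type codes and the SHA-256-based cipher (a stand-in for a real AEAD such as AES-GCM) are all assumptions.

```python
import hashlib
import hmac
import struct

ROUTE_DIRECT, ROUTE_VIA_GW = 1, 2    # first / second packet (constructed type codes)
HDR = struct.Struct(">BI")           # route type, sequence number (constructed layout)
NONCE_LEN, TAG_LEN, CUT_LEN = 12, 16, 8   # assumed field sizes


def _subkey(key, label):
    # Separate keys for encryption and authentication, derived from one session key.
    return hashlib.sha256(label + key).digest()


def _keystream(key, nonce, length):
    # SHA-256 in counter mode: illustration only, not a vetted cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
        counter += 1
    return bytes(out[:length])


def _tag(key, nonce, ciphertext):
    mac = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256)
    return mac.digest()[:TAG_LEN]


def seal(key, nonce, plaintext):
    """Encrypt then authenticate; returns ciphertext || tag."""
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    return ciphertext + _tag(key, nonce, ciphertext)


def unseal(key, nonce, blob):
    """Verify the tag, then decrypt; raises ValueError on any mismatch."""
    ciphertext, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ciphertext)):
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def split_packet(key, seq, nonce, plaintext):
    """Transmitting side: returns (first_packet, second_packet)."""
    blob = seal(key, nonce, plaintext)
    # First packet: encrypted data with the nonce and its first CUT_LEN bytes cut off.
    first = HDR.pack(ROUTE_DIRECT, seq) + blob[CUT_LEN:]
    # Second packet: the nonce plus the cut-off bytes, sent via the control device.
    second = HDR.pack(ROUTE_VIA_GW, seq) + nonce + blob[:CUT_LEN]
    return first, second


class Receiver:
    """Receiving side: buffers halves by sequence number until both have arrived."""

    def __init__(self, key):
        self.key = key
        self.pending = {}            # seq -> {route type: packet body}

    def receive(self, packet):
        route, seq = HDR.unpack_from(packet)
        if route not in (ROUTE_DIRECT, ROUTE_VIA_GW):
            raise ValueError("unknown route type")
        halves = self.pending.setdefault(seq, {})
        halves[route] = packet[HDR.size:]
        if len(halves) < 2:
            return None              # nothing can be restored from one half
        del self.pending[seq]
        second = halves[ROUTE_VIA_GW]
        if len(second) != NONCE_LEN + CUT_LEN:
            raise ValueError("malformed second packet")
        nonce, cut = second[:NONCE_LEN], second[NONCE_LEN:]
        # Put the cut-off bytes back in front of the first packet's body, then decrypt.
        return unseal(self.key, nonce, cut + halves[ROUTE_DIRECT])
```

The receiver returns data only when the halves for one sequence number are both present and the reassembled blob authenticates, so withholding or altering the second packet at the control device is enough to stop delivery.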

Further, to attain the above object, the present invention provides a communication method for performing radio communication between a radio terminal and a radio relay device, for transferring packets to and from said radio relay device by a control device, and for controlling radio communication between said radio terminal and said radio relay device by said control device, wherein said method comprises:

a step where, when the transmitting side radio terminal and the receiving side radio terminal are connected to the same radio relay device, said transmitting side radio terminal divides a transmitting packet addressed to the receiving side radio terminal into a first packet to be transmitted via a route not passing through said control device and said second packet to be transmitted via said control device, and transmits said first packet and said second packet to said radio relay device;

a step where said radio relay device receives said first packet and said second packet transmitted from said transmitting side radio terminal, transmits said first packet to the receiving side radio terminal, and transmits said second packet to said control device;

a step where said control device receives said second packet transmitted from said radio relay device and transmits it to said radio relay device;

a step where said radio relay device receives said second packet transmitted from said control device and transmits it to said receiving side radio terminal; and

a step where said receiving side radio terminal receives said first packet and said second packet transmitted from said radio relay device, and restores the initial packet.

Also, to attain the above object of the invention, the present invention provides a transmitting side radio terminal in a communication system, said communication system comprises a radio relay device for performing radio communication with radio terminals with each other and a control device for performing packet transfer to and from said radio relay device and for controlling radio communication between said radio terminal and said radio relay device, wherein:

when said transmitting side radio terminal and the receiving side radio terminal are connected to the same radio relay device, said transmitting side radio terminal has means for dividing said transmitting packet to be transmitted to said receiving side radio terminal into a first packet to be sent via a route not passing through said control device and a second packet to be transmitted via said control device, and for transmitting said first packet and said second packet to said radio relay device;

said radio relay device receives said first packet and said second packet transmitted from said transmitting side radio terminal, transmits said first packet to said receiving side radio terminal and transmits said second packet to said control device;

said control device receives said second packet transmitted from said radio relay device and transmits said second packet to said radio relay device;

said radio relay device receives said second packet transmitted from said control device and transmits the packet to said receiving side radio terminal; and

said receiving side radio terminal receives said first packet and said second packet transmitted from said radio relay device and restores the initial packet.

Further, to attain the above object of the invention, the present invention provides a radio relay device in a communication system, said communication system comprises said radio relay device for performing radio communication with radio terminals with each other and a control device for performing packet transfer to and from said radio relay device and for controlling radio communication between said radio terminal and said radio relay device, wherein:

when a transmitting side radio terminal and a receiving side radio terminal are connected to said radio relay device, and in case said transmitting side radio terminal divides the transmitting packet addressed to said receiving side radio terminal into a first packet to be transmitted via a route not passing through said control device and a second packet to be transmitted via said control device and transmits said first packet and said second packet to the radio relay device, said radio relay device has means for receiving said first packet and said second packet transmitted from said transmitting side radio terminal, for transmitting said first packet to said receiving side radio terminal and for transmitting said second packet to said radio relay device itself;

when said control device receives said second packet transmitted from said radio relay device itself and transmits said second packet to the radio relay device, said radio relay device has means for receiving said second packet transmitted from said control device, and for transmitting said second packet to said receiving side radio terminal; and

said receiving side radio terminal receives said first packet and said second packet transmitted from the radio relay device and restores the initial packet.

Also, to attain the above object of the invention, the present invention provides a control device in a communication system, said communication system comprises a radio relay device for performing radio communication with radio terminals with each other and said control device for performing packet transfer to and from said radio relay device and for controlling radio communication between said radio terminal and said radio relay device, wherein:

when a transmitting side radio terminal and a receiving side radio terminal are connected to the same radio relay device, said control device has means for dividing a transmitting packet addressed to said receiving side radio terminal into a first packet to be transmitted via a route not passing through said control device and a second packet to be transmitted via said control device and for transmitting said first packet and said second packet to said radio relay device, and in case said radio relay device receives said first packet and said second packet transmitted from said transmitting side radio terminal and transmits said first packet to said receiving side radio terminal and said second packet to said control device, for receiving said second packet transmitted from said radio relay device and for transmitting said second packet to said radio relay device;

said control device has means for controlling radio communication between said radio terminal and said radio relay device based on said second packet;

said radio relay device receives said second packet transmitted from said control device and transmits said second packet to said receiving side radio terminal; and

said receiving side radio terminal receives said first packet and said second packet transmitted from said radio relay device and restores the initial packet.

Further, to attain the above object of the invention, the present invention provides a receiving side radio terminal comprising a radio relay device for performing radio communication with radio terminals with each other and a control device for performing packet transfer to and from said radio relay device and for controlling radio communication between said radio terminal and said radio relay device, wherein:

when a transmitting side radio terminal and said receiving side radio terminal are connected to the same radio relay device, said transmitting side radio terminal divides a transmitting packet addressed to said transmitting side radio terminal into a first packet to be transmitted via a route not passing through said control device and a second packet to be transmitted via said control device, and transmits said first packet and said second packet to said radio relay device, said radio relay device receives said first packet and said second packet transmitted from said transmitting side radio terminal, transmits said first packet to said receiving side radio terminal and transmits said second packet to said control device, said control device receives said second packet transmitted from said radio relay device and transmits said second packet to said radio relay device, and when said radio relay device receives said second packet transmitted from said control device and transmits the second packet to said receiving side radio terminal, said receiving side radio terminal has means for receiving said first packet and said second packet transmitted from said radio relay device and for restoring the initial packet.

Also, to attain the above object of the invention, the present invention provides a communication system, wherein said communication system comprises a radio relay device for performing radio communication with radio terminals with each other and a control device for performing packet transfer to and from said radio relay device and for controlling radio communication between said radio terminal and said radio relay device, wherein:

when a transmitting side radio terminal and a receiving side radio terminal are connected to the same radio relay device, said transmitting side radio terminal encrypts data to be transmitted to the receiving side radio terminal and prepares a packet of said data, and transmits said packet to said radio relay device as a first packet addressed to said receiving side radio terminal to be transmitted via a route not passing through said control device, and turns a key data for decrypting the encrypted data to a packet, and transmits this packet to said radio relay device as a second packet addressed to the receiving side radio terminal to be transmitted via said control device;

said radio relay device receives said first packet and said second packet transmitted from said transmitting side radio terminal, transfers said first packet to the receiving side radio terminal, transfers said second packet to said control device, periodically copies a part of a plurality of said first packets, and transmits said copied packet to said control device as a third packet;

said control device receives said second packet transferred from said radio relay device, transfers said second packet to said radio relay device after confirming the key data contained therein, and acquires control information for said first packet based on said third packet transmitted from said radio relay device;

said radio relay device receives said second packet transferred from said control device and transfers said second packet to said receiving side radio terminal; and

said receiving side radio terminal receives said first packet and said second packet transferred from said radio relay device, and decrypts said encrypted data based on said key data.

With the arrangement as described above, when a transmitting side radio terminal and a receiving side radio terminal are connected to the same radio relay device, a transmission packet addressed to the receiving side radio terminal is transferred to the receiving side radio terminal as a first packet transmitted via a route not passing through the control device, and a key data to decrypt the encrypted data in the first packet is transferred to the receiving side radio terminal as a second packet via a route passing through the control device. As a result, the network resources can be efficiently utilized, the burden on the control device can be reduced, and the control device can control the communication between the radio terminals. Also, even when the packet is not transmitted via the control device, the security of the communication of the first packet can be maintained. Further, the initial data cannot be restored unless both the first packet and the second packet reach the receiving radio terminal, and the system side, i.e. the network side, can control the direct communication between the user equipments.

Also, the radio relay device periodically copies a part of a plurality of the first packets and transmits the copied packet to the control device as a third packet. Thus, the control device can acquire control information on the first packet based on the third packet. Also, the transmitting side radio terminal sets a sequence number in each of the first packets, and the control device can control the number of the transfer packets of the first packets based on the sequence number inside the third packet.
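
A simulation of the third-packet accounting described above, added here and not part of the patent text. The packet header, the type codes, the copy period, sequence numbers starting at 1 and the key-length check standing in for "confirming the key data" are assumptions.

```python
import struct

FIRST, SECOND, THIRD = 1, 2, 3   # constructed packet type codes
HDR = struct.Struct(">BI")       # type, sequence number (constructed layout)
KEY_LEN = 16                     # key length the control device accepts (assumption)


class ControlDevice:
    """Network side: gates the key packet and counts direct traffic from samples."""

    def __init__(self):
        self.highest_seq = 0     # count estimate for first packets
        self.samples = 0         # third packets received

    def handle(self, packet):
        """Return the packets sent back to the relay (empty if none)."""
        ptype, seq = HDR.unpack_from(packet)
        body = packet[HDR.size:]
        if ptype == SECOND:
            # A rejected key packet is withheld, so UE 2 cannot decrypt.
            return [packet] if len(body) == KEY_LEN else []
        if ptype == THIRD:
            self.samples += 1
            self.highest_seq = max(self.highest_seq, seq)
        return []


class Relay:
    """Radio relay device: direct path for first packets, sampled copies upstream."""

    def __init__(self, acgw, copy_period):
        self.acgw = acgw
        self.copy_period = copy_period
        self.first_seen = 0

    def from_ue1(self, packet):
        """Return the packets delivered to UE 2 as a result of this packet."""
        ptype, seq = HDR.unpack_from(packet)
        if ptype == FIRST:
            self.first_seen += 1
            if self.first_seen % self.copy_period == 0:
                # Every copy_period-th first packet is copied as a third packet.
                self.acgw.handle(HDR.pack(THIRD, seq) + packet[HDR.size:])
            return [packet]
        if ptype == SECOND:
            return self.acgw.handle(packet)
        return []                # unknown types are dropped


def simulate(n_first, copy_period, key=b"K" * KEY_LEN):
    """Send one key packet and n_first data packets; report what each side saw."""
    acgw = ControlDevice()
    relay = Relay(acgw, copy_period)
    at_ue2 = relay.from_ue1(HDR.pack(SECOND, 0) + key)
    for seq in range(1, n_first + 1):
        at_ue2 += relay.from_ue1(HDR.pack(FIRST, seq) + b"constructed ciphertext")
    return {
        "ue2_has_key": any(HDR.unpack_from(p)[0] == SECOND for p in at_ue2),
        "ue2_first_packets": sum(HDR.unpack_from(p)[0] == FIRST for p in at_ue2),
        "acgw_samples": acgw.samples,
        "acgw_count_estimate": acgw.highest_seq,
    }
```

In this model the control device's estimate trails the true number of first packets by fewer than `copy_period`, which is the accounting error accepted in exchange for not carrying every first packet upstream.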

Also, to attain the above object of the invention, the present invention provides a communication method for performing radio communication between a radio terminal and a radio relay device, for transferring packets to and from said radio relay device by a control device, and for controlling radio communication between said radio terminal and said radio relay device, wherein said method comprises:

a step where, when a transmitting side radio terminal and a receiving side radio terminal are connected to the same radio relay device, said transmitting side radio terminal encrypts data to be transmitted to said receiving side radio terminal and prepares a packet, transmits the packet as a first packet addressed to the receiving side radio terminal and to be transmitted via a route not passing through said control device to said radio relay device, prepares a packet of the key data to decrypt said encrypted data, and transmits said packet to said radio relay device as a second packet addressed to said receiving side radio terminal via said control device;

a step where said radio relay device receives said first packet and said second packet transmitted from said transmitting side radio terminal, transfers said first packet to said receiving side radio terminal, transfers said second packet to said control device, periodically copies a part of a plurality of said first packets, and transmits said packets as a third packet to said control device;

a step where said control device receives said second packet transferred from said radio relay device, confirms the key data inside the packet, transfers said second packet to said radio relay device, and acquires control information on said first packet based on said third packet transmitted from said radio relay device;

a step where said radio relay device receives said second packet transferred from said control device, and transfers the second packet to the receiving side radio terminal; and

a step where said receiving side radio terminal receives said first packet and said second packet transferred from said radio relay device, and restores the encrypted data based on said key data.

Further, to attain the above object of the invention, the present invention provides a transmitting side radio terminal in a communication system, said communication system comprises a radio relay device for performing radio communication with radio terminals with each other and a control device for performing packet transfer to and from said radio relay device and for controlling radio communication between said radio terminal and said radio relay device, wherein:

when said transmitting side radio terminal and the receiving side radio terminal are connected to the same radio relay device, said transmitting side radio terminal encrypts the data to be transmitted to said receiving side radio terminal and prepares a packet of said data, transmits said packet as a first packet addressed to said receiving side radio terminal and to be transmitted via a route not passing through said control device to said radio relay device, prepares a packet containing a key data for decrypting said encrypted data, and said transmitting side radio terminal has means for transmitting said packet to said radio relay device as a second packet addressed to said receiving side radio terminal to be transmitted via said control device;

said radio relay device receives said first packet and said second packet transmitted from said transmitting side radio terminal, transfers said first packet to the receiving side radio terminal, transfers said second packet to said control device, periodically copies a part of a plurality of said first packets, and transmits said copied packet to said control device as a third packet;

said control device receives said second packet transferred from said radio relay device, confirms the key data inside the packet, transfers said second packet to said radio relay device, and acquires control information on said first packet based on said third packet transmitted from said radio relay device;

said radio relay device receives said second packet transferred from said control device and transfers said second packet to said receiving side radio terminal; and

said receiving side radio terminal receives said first packet and said second packet transferred from said radio relay device, and decrypts said encrypted data based on said key data.

Also, to attain the above object of the invention, the present invention provides a radio relay device in a communication system, said communication system comprises said radio relay device for performing radio communication with radio terminals with each other and a control device for performing packet transfer to and from said radio relay device and for controlling radio communication between said radio terminal and said radio relay device, wherein:

when a transmitting side radio terminal and a receiving side radio terminal are connected to the same radio relay device, said transmitting side radio terminal has means for encrypting a transmission data to said receiving side radio terminal and for preparing a packet containing said data, for transmitting said packet to said radio relay device as a first packet addressed to said receiving side radio terminal via a route not passing through said control device, for preparing a packet containing key data for decrypting said encrypted data, and when said packet is transmitted to said radio relay device as a second packet addressed to said receiving side radio terminal via said control device, said radio relay device receives said first packet and said second packet transmitted from said transmitting side radio terminal, transfers said first packet to said receiving side radio terminal, transfers said second packet to said control device, and periodically copies a part of a plurality of said first packets and transmits said packet as a third packet to said control device;

said control device receives said second packet transferred from said radio relay device, confirms the key data inside said packet, transfers said second packet to said radio relay device, and when control information on said first packet is acquired according to said third packet transmitted from said radio relay device, said radio relay device receives said second packet transferred from said control device, and transfers said second packet to said receiving side radio terminal; and

said receiving side radio terminal receives said first packet and said second packet transferred from said radio relay device, and decrypts said encrypted data based on said key data.

Further, to attain the above object of the invention, the presentinvention provides a control device in a communication system, saidcommunication system comprises a radio relay device for performing radiocommunication with radio terminals with each other and said controldevice for performing packet transfer to and from said radio relaydevice and for controlling radio communication between said radioterminal and said radio relay device, wherein:

when a transmitting side radio terminal and a receiving side radioterminal are connected to the same radio relay device, said transmittingside radio terminal encrypts a transmission data addressed to saidreceiving side radio terminal and prepares a packet containing saiddata, transmits said packet to said radio relay device as a first packetto said receiving side radio terminal via a route not passing throughsaid control device, prepares a packet containing a key data fordecrypting said encrypted data, transfers said packet as a second packetto said receiving side radio terminal via said control device, receivessaid first packet and said second packet transmitted from saidtransmitting side radio terminal, transfers said first packet to saidreceiving side radio terminal, transfers said second packet to saidcontrol device, and further, when a part of a plurality of said firstpackets is periodically copied and this copied packet is transmitted tosaid control device as a third packet, said control device receives saidsecond packet transferred from said radio relay device, confirms the keydata inside said packet and transfers said second packet to said radiorelay device, and acquires control information on said first packetbased on said third packet transmitted from said radio relay device;

said radio relay device receives said second packet transferred from said control device and transfers said second packet to said receiving side radio terminal; and

said receiving side radio terminal receives said first packet and said second packet transferred from said radio relay device and decrypts said encrypted data based on said key data.

Also, to attain the above object of the invention, the present invention provides a receiving side radio terminal in a communication system, said communication system comprises a radio relay device for performing radio communication with radio terminals with each other and a control device for performing packet transfer to and from said radio relay device and for controlling radio communication between said radio terminal and said radio relay device, wherein:

when a transmitting side radio terminal and a receiving side radio terminal are connected to the same radio relay device, said transmitting side radio terminal encrypts a transmitting data addressed to said receiving side radio terminal and prepares a packet containing said data, transmits said packet as a first packet addressed to the receiving side radio terminal via a route not passing through said control device, prepares a packet containing a key data for decrypting said encrypted data, transmits said packet to said radio relay device as a second packet addressed to the receiving side radio terminal via a route passing through said control device, said radio relay device receives said first packet and said second packet transmitted from said transmitting side radio terminal, transfers said first packet to said receiving side radio terminal, transfers said second packet to said control device, periodically copies a part of a plurality of said first packets, and transfers said copied packet as a third packet to said control device, said control device receives said second packet transferred from said radio relay device, confirms the key data inside the packet, transfers said second packet to said radio relay device, acquires control information on said first packet based on said third packet transmitted from said radio relay device, and when said radio relay device receives said second packet transferred from said control device and transfers said packet to said receiving side radio terminal, said receiving side radio terminal receives said first packet and said second packet transferred from said radio relay device, and decrypts said encrypted data based on said key data.

The present invention provides such effects that there is no need to transmit all of the packets transmitted from the transmitting side radio terminal between the radio relay device and the control device, and partial data or a small amount of data would be sufficient. Thus, network resources of the radio relay device and the control device can be efficiently utilized. Also, the control device does not have to perform decryption and encryption on all data in the packet, which is transmitted from the transmitting side radio terminal to the receiving side radio terminal, and only a part of the data is decrypted and encrypted. As a result, the burden of the processing can be alleviated.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic drawing of a system configuration when a transmitting side UE and a receiving side UE are connected to the same E-Node B in the prior art and in an embodiment of the present invention;

FIG. 2 is a flow chart of processing when the UE-UE direct communication is started in the embodiment of the invention;

FIG. 3A is a drawing to explain a message sequence between UE and ACGW when the UE-UE direct communication is started in the embodiment of the invention and shows a case where UE1 and UE2 of FIG. 1 match “the UE-UE direct communication” respectively;

FIG. 3B is a drawing to explain a message sequence between UE and ACGW when the UE-UE direct communication is started in the embodiment of the invention and shows a case where UE in FIG. 1 does not match “the UE-UE direct communication” (UE2 does not match);

FIG. 4 is a drawing to explain packet dividing processing of the transmitting side UE of FIG. 1;

FIG. 5A is a table to explain a format of an RP header of FIG. 4 and showing a format of a first RP header of FIG. 4;

FIG. 5B is a table to explain a format of an RP header of FIG. 4 and showing a format of a second RP header of FIG. 4;

FIG. 6 is a block diagram to show a packet transmitting unit of UE of FIG. 1;

FIG. 7 is a flow chart to show packet transmitting processing of UE of FIG. 1;

FIG. 8 is a block diagram to show E-Node B of FIG. 1;

FIG. 9 is a flow chart to show packet receiving processing of E-Node B of FIG. 1;

FIG. 10 is a drawing to show packet receiving and transmitting processing of ACGW of FIG. 1;

FIG. 11 is a block diagram to show ACGW of FIG. 1;

FIG. 12 is a flow chart to show packet receiving processing of ACGW of FIG. 1;

FIG. 13 is a drawing to explain packet synthesizing processing of the receiving side UE of FIG. 1;

FIG. 14 is a block diagram to show a packet receiving unit of UE of FIG. 1;

FIG. 15 is a drawing of a system configuration when the transmitting side UE and the receiving side UE are connected to different E-Nodes B respectively;

FIG. 16 is a drawing to show a configuration of a packet when the transmitting side UE sends a packet addressed to the receiving side UE via ACGW;

FIG. 17 is a drawing to show a configuration of a packet of the UE-UE direct communication;

FIG. 18 is a drawing to show the details of a configuration of the packets of FIG. 16 and FIG. 17 respectively;

FIG. 19 is a drawing to explain a configuration of a packet when E-Node B sends a packet to ACGW in the UE-UE direct communication in the second embodiment of the invention;

FIG. 20 is a block diagram to show a packet transmitting unit of UE in the second embodiment;

FIG. 21 is a block diagram to show a packet receiving unit of UE in the second embodiment;

FIG. 22 is a block diagram to show E-Node B in the second embodiment of the invention;

FIG. 23 is a block diagram to show ACGW in the second embodiment of the invention;

FIG. 24 is a drawing to explain a configuration of each packet in case of the UE-UE direct communication in the second embodiment of the invention;

FIG. 25 is a drawing to explain a configuration of each packet in case it is not the UE-UE direct communication in the second embodiment of the invention;

FIG. 26 is a drawing to explain a configuration of a packet when sequence number is put in the second embodiment;

FIG. 27 is a drawing to explain a configuration of a packet when total number of data bytes is put in the second embodiment;

FIG. 28 is a drawing to explain a configuration of a key data transmitting packet at the time of the UE-UE direct communication in the second embodiment of the invention;

FIG. 29 is a drawing to explain a configuration of a key data transmitting packet at the time of the UE-UE direct communication in the second embodiment of the invention;

FIG. 30 is a block diagram to show a scalable audio coding device and a decrypting device in a concrete example of the first embodiment and examples of variations of the first and second embodiments;

FIG. 31 is a drawing to explain a configuration of a packet in a concrete example in the first embodiment; and

FIG. 32 is a drawing to explain a configuration of a packet in each of variation examples of the first and the second embodiments respectively.

BEST MODE FOR CARRYING OUT THE INVENTION

The First Embodiment

Description will be given below on the embodiment of the invention by referring to the attached drawings. FIG. 1 shows a condition where UE 101 and UE 102 are connected to the same base station (hereinafter referred to as “E-Node B”). This condition includes a case where the condition is continuously present from the moment of the starting of the communication and a case where UE 101 or UE 102 moves from the condition shown in FIG. 15. Under this condition, when transmission is performed from UE 101 to UE 102, a packet to be transmitted is divided at UE 101 by “the UE-UE direct communication” as described below in detail, and the packet is transferred by dividing it into a packet to be sent via a direct route (1) not passing through ACGW 105 and a packet to be sent via an ACGW route (2) passing through ACGW 105. In the following, the packet to be sent via the direct route (1) is referred to as a first packet, and the packet to be sent via the ACGW route (2) is referred to as a second packet.

<Condition to Start Communication Between UE-UE>

In the first condition where the communication between UE 101 and UE 102 is started, the communication is started via ACGW 105 similarly to the conventional case. The transmitting side UE 101 generates a packet to be transmitted to the receiving side UE 102. The generated packet is encrypted to ACGW 105 and is transmitted to ACGW 105. The encrypted packet transmitted by UE 101 is received by E-Node B 103, and it is transferred to ACGW 105. ACGW 105 decrypts the encrypted packet as received, and the routing destination is judged from the destination of the decrypted packet. ACGW 105 encrypts the packet to UE 102 and transmits it to UE 102. The encrypted packet as transmitted by ACGW 105 is received by E-Node B 103, and it is transferred to UE 102. The receiving side UE 102 receives the encrypted packet and decrypts it, and the packet from the transmitting side UE 101 is acquired. In the present embodiment, description will be given by assuming a case where a tunnel mode of IPsec ESP (Encapsulating Security Payload) is used as a method to encrypt and to decrypt the packet, while the present invention is not limited to the IPsec ESP system.

<Starting of the UE-UE Direct Communication>

The UE-UE direct communication is performed when ACGW 105 detects that the transmitting side UE 101 and the receiving side UE 102 are connected to the same E-Node B 103. In this case, ACGW 105 detects that the transmitting side UE 101 and the receiving side UE 102 are connected to the same E-Node B 103 through the routing process by detecting that E-Node B of the transfer destination when the packet is received and E-Node B, to which the packet is to be transferred, are the same, or ACGW 105 detects it from information on UE 101 or UE 102 under its control. When it is detected that the transmitting side UE 101 and the receiving side UE 102 are connected to the same E-Node B 103, ACGW 105 sends an inquiry as to whether the UEs have the capability of “the UE-UE direct communication” or not. In case both or one of the UEs does not have the capability, it is not possible to carry out “the UE-UE direct communication”. When both UEs have the capability, each of UE 101 and UE 102 is instructed to set up a communication route for “the UE-UE direct communication”. Also, ACGW 105 instructs E-Node B 103 to permit the transfer of the packet between UE 101 and UE 102.

<During UE-UE Direct Communication>

When the transmitting side UE 101 receives the instruction to perform “the UE-UE direct communication” from ACGW 105 and generates a packet addressed to the receiving side UE 102, the packet to UE 102 is first encrypted. Then, a part of the encrypted packet is cut off, and the data thus cut off is encrypted to ACGW 105. The transmitting side UE 101 transmits a first packet to UE 102 (via the direct route (1)) and transmits a second packet to ACGW 105 (via the ACGW route (2)). E-Node B 103 receives the first and the second packets from the transmitting side UE 101 and transfers the first packet addressed to UE 102 to UE 102, and transfers the second packet addressed to ACGW 105 to ACGW 105. ACGW 105 receives the second packet as transferred from E-Node B 103. Then, it decrypts the packet, encrypts the packet to UE 102, and transfers it to UE 102.

When the receiving side UE 102 has received only the first packet from UE 101, it holds the first packet as received and waits until the second packet arrives because the first packet alone gives no meaningful data. On the contrary, when only the second packet is received from ACGW 105, it waits for the arrival of the first packet. The receiving side UE 102 synthesizes the first packet with the second packet and restores the initial packet, which was generated by the transmitting side UE 101, and the packet is received.

<Termination of the UE-UE Direct Communication>

When UE 101 and UE 102 performing “the UE-UE direct communication” are not connected to the same E-Node B 103 any more because UE 101 and UE 102 are moving, ACGW 105 instructs UE 101 and UE 102 to terminate “the UE-UE direct communication” respectively. Also, it sends notification to E-Node B 103 and gives an instruction not to directly transfer the packet between UE 101 and UE 102.

Now, detailed description will be given on each processing.

<Starting of the UE-UE Direct Communication>

Referring to FIG. 2, FIG. 3A and FIG. 3B, description will be given below on the processing to start the UE-UE direct communication. At first, the transmitting side UE 101 and the receiving side UE 102 transmit and receive the packets respectively via ACGW 105. The transmitting side UE 101 generates a packet addressed to the receiving side UE 102. Then, the generated packet is encrypted and transmitted to ACGW 105. E-Node B 103 receives the encrypted packet thus transmitted and transfers it to ACGW 105. ACGW 105 decrypts the encrypted packet received and identifies the routing destination from the address of the decrypted packet. ACGW 105 encrypts the packet and transmits the packet to UE 102. E-Node B 103 receives the transmitted packet and transfers it to UE 102. The receiving side UE 102 receives and decrypts the encrypted packet and acquires the packet from the transmitting side UE 101. This is the condition before the starting of the UE-UE direct communication.

In FIG. 2, ACGW 105 detects that the transmitting side UE 101 and the receiving side UE 102 are both connected to the same E-Node B 103 (Step S21). For instance, ACGW 105 detects this at the time of routing processing from the fact that the E-Node B of the transfer source when the packet is received is the same as the E-Node B of the transfer destination. Or, ACGW 105 checks the connected E-Node B from information on UE under its control and detects that both UEs are connected to the same E-Node B. Having detected that the transmitting side UE 101 and the receiving side UE 102 are connected to the same E-Node B 103, ACGW 105 transmits an inquiry as to whether “the UE-UE direct communication” is possible or not to UE 101 and UE 102 respectively (Step S22).

FIG. 3A and FIG. 3B each show a message sequence at the time of this inquiry. In FIG. 3A, ACGW 105 transmits a request message (Req) to UE 1 (UE 101) and UE 2 (UE 102) (Step S31). After transmitting an inquiry, ACGW 105 waits for a response from UE 101 and UE 102 respectively (Step S23 in FIG. 2). When UE 101 and UE 102 match “the UE-UE direct communication function”, each sends back the following as a response to ACGW 105: the fact that it matches the function (OK); a value of SPI (Security Parameter Index) (SPI(UE1) in case the response is from UE 101; SPI(UE2) in case the response is from UE 102); and candidates of the encryption mode, which UE 101 and UE 102 can cope with (Step S24 in FIG. 2; Step S32 in FIG. 3A).

If the responses from both UE 101 and UE 102 indicate that they match the function, ACGW 105 notifies the local address of the correspondent (i.e. UE 102 and UE 101) to UE 101 and UE 102 respectively (Step S25 in FIG. 2; Step S33 in FIG. 3A). This local address is an address for transport within the network. Also, the values of SPI (i.e. SPI(UE2) and SPI(UE1)) as designated by the correspondents are notified to UE 101 and UE 102 respectively (Step S25 in FIG. 2; Step S33 in FIG. 3A). By transmitting a packet, which is encrypted and added with this value, the receiving side can judge under which condition the decrypting should be performed. ACGW 105 selects one from the candidates of the encryption mode as presented by UE 101 and UE 102 respectively, and the encryption mode is notified to UE 101 and UE 102 respectively (Step S33 in FIG. 3A). In case there is no encryption mode which can be shared in common, it is not possible to start “the UE-UE direct communication”. A common key for encrypting and decrypting is notified to UE 101 and UE 102 respectively. The communication between ACGW 105 and UE 101 or UE 102 takes place over the encrypted paths between UE 101 and ACGW 105 and between UE 102 and ACGW 105.

In the above, description has been given on a case where both UE 101 and UE 102 match “the UE-UE direct communication function”. If one of them does not match the function, it is not possible to start “the UE-UE direct communication”. If only one of UE 101 and UE 102 replies to the inquiry with a response that it matches (OK), a response is sent to the responding UE that “the UE-UE direct communication” should not be performed (NG) (Step S27 of FIG. 2; Step S34 of FIG. 3B). By the message sequence as given above, information necessary for “the UE-UE direct communication” is delivered to UE 101 and UE 102 respectively. A Security Association (SA) is established between UE 101 and UE 102, and the SA is used for the communication between them (Step S26 in FIG. 2). Also, ACGW 105 notifies E-Node B 103 that “the UE-UE direct communication” is started between UE 101 and UE 102. E-Node B 103 changes its internal settings, such as the routing setting, so that it is possible for UE 101 and UE 102 to communicate directly.

<During the UE-UE Direct Communication>

Now, description will be given on behaviors of UE 101, UE 102, E-Node B 103 and ACGW 105 during the UE-UE direct communication. In “the UE-UE direct communication”, the transmitting side UE 101 generates a packet addressed to UE 102 and prepares, from a part of the packet, a packet to be sent via ACGW 105. Thus, the packet is transmitted as a first packet not passing through ACGW 105 and a second packet, which passes through ACGW 105. Only when both the first packet and the second packet reach the receiving side UE 102 can UE 102 perform the receiving processing on the packet.

<Packet Transmission Processing by the Transmitting Side UE 101>

Referring to FIG. 4 to FIG. 7, description will be given below on packet transmitting processing of the transmitting side UE 101. First, description will be given on the structure of the transmitting packet of the transmitting side UE 101 by referring to FIG. 4, and further, referring to FIG. 5A and FIG. 5B. The transmitting side UE 101 generates data to be transmitted to the receiving side UE 102 and prepares a packet 401 to be sent to UE 102. Destination address (Dt) of the packet 401 is a global address (g_UE2) of UE 102. Source address (Sr) is a global address of UE 101 (g_UE1). In this case, the term “global address” and the term “local address” are properly differentiated from each other for convenience. That is, these are the address to be used for the communication between UE 101 and UE 102 and the address to be used for transporting the packet among ACGW 105, E-Node B 103, UE 101 and UE 102. Depending on the operation of address management in the network, both UE1 and UE2 may use “global address” or “local address”.

The transmitting side UE 101 encrypts the packet 401 to be sent to UE 102 (encrypted data 401′). Then, the encrypted data 401′ is encapsulated, and a packet 402 is prepared. Here, description will be given on a case where “the UE-UE direct communication” is performed. In case of the transmission towards ACGW 105, the data is encapsulated using IPsec ESP in tunnel mode and is transmitted to ACGW 105.

In the packet 402, which has been prepared by encapsulating the encrypted data 401′, a “local address” of UE 102 (1_UE2) is set up to the destination address of an IP header 402 a, which is a tunnel header, and a “local address” (1_UE1) of UE 101 is set up as the source address. Here, “local address” of UE 102 is an address, which is notified when an instruction of “the UE-UE direct communication” is given from ACGW 105. The transmitting side UE 101 divides the packet 402, which has been encrypted and encapsulated and is to be sent to UE 102, and a first packet 404 to be sent via a direct route (1) and a second packet 406 to be sent via the ACGW route (2) are prepared.

In this case, the packet 403 on the direct route (1) side is a packet, which has been prepared by cutting a part of the data from the initial packet 402. It is supposed here that it is a packet, which is prepared by cutting off a part of an ESP header 402 b and a part of the encrypted data 401′ subsequent to it. SPI is included in the ESP header, and the receiving side can identify by which key the data can be decrypted, depending on the value of SPI. That is, it has a role of identifying data for the purpose of performing the decryption. Here, an example has been given on a case where a part of the encrypted data is cut off, while the size of the data can be adjusted in any arbitrary manner, and the size may be set to 0. In such case, it may be referred to as a method not including the encrypted data. Further, it may be a part of the ESP header or a part of the identification data. Specifically, the significance of the data to be cut off lies in that no meaning can be found in the data, which the receiving side has received via the direct route (1). However, in the present embodiment, a first RP header is overwritten on a portion, which has been cut off as described below, and the data of the cut-off portion must be bigger than the first RP header.

In the present embodiment, description has been given on an example where the site where the data of the first packet has been cut off is overwritten with other data, while a method may be adopted to remove the cut-off data (hereinafter referred to as data portion) and to insert the RP header at the cut-off site. In such case, the data of the second packet is inserted into the site where the RP header is removed on the receiving side. In this case, the data to be cut off can be determined regardless of the size of the first RP header.

In the packet processing on the transmitting side as shown in FIG. 4, the remaining portion 403 a is overwritten with “0x00” or meaningless data after the partial data has been cut off from the initial packet 402 so that the receiving side UE 102 cannot infer or estimate the data, which had been there before the partial data was cut off. A first replacement (hereinafter referred to as “RP”) header 404 b is placed at the foremost position of the cut-off portion 403 a of the packet 403, and a packet 404 is prepared. This first RP header 404 b indicates the position, to which the cut-off data portion 405 is to be returned when the first packet 404 is synthesized with the second packet 406. In a “Next Header” region within the IP header 404 a of the first packet 404, a value to designate the ESP header is entered. This value is replaced by a value indicating the first RP header 404 b.

The second packet 406 is a packet, which has the ESP header 402 b as cut off from the initial packet 402 and a part of the encrypted data 401′ subsequent to it as a data portion 405. At the foremost position of the data portion 405, an IP header 406 a and a second RP header 406 b are added. The IP header 406 a sets up “local address” of UE 102 as the destination address similarly to the header of the first packet 404 and sets up “local address” of UE 101 as the source address. Because it is the same IP header as that of the first packet 404, the receiving side UE 102 can differentiate it from the other packets when the first packet 404 is synthesized with the second packet 406. Also, the initial value of the “Next Header” in the IP header 404 a of the first packet 404 is included in the second RP header 406 b. That is, it is a value to indicate the ESP header 402 b. When the receiving side UE 102 synthesizes the first packet 404 with the second packet 406, the value of the “Next Header” in the IP header 404 a can be set back to the initial value. Also, RP-ID (RP header identifier) is included in the first RP header 404 b and the second RP header 406 b, and these two RP headers have the same value. As a result, the receiving side UE 102 is prevented from erroneously taking another packet when the packets 404 and 406 are synthesized.

Because the second packet 406 is addressed to ACGW 105, it is encrypted to ACGW 105 (the encrypted data 406′), and this encrypted data 406′ is encapsulated and turned to a packet 407. The destination address of the IP header 407 a, which is a tunnel header of the packet 407, is ACGW 105, and the source address is “local address” of UE 101.

Next, referring to FIG. 5A and FIG. 5B respectively, description will be given on the format of the RP headers 404 b and 406 b respectively. Each of the first and the second RP headers 404 b and 406 b has a format similar to that of an extended header such as an end point option header of IPv6 (RFC 2460). In the first one octet (501 and 504) of the RP headers 404 b and 406 b, a value of the “Next Header” is set up, which indicates the next extended header. A value (RP header length) to indicate length of the extended header is set up on the second octets (502 and 505). RP-ID, i.e. a value to indicate an identifier to uniquely identify RP headers 404 b and 406 b, is set up on the subsequent two octets (503 and 506). Following this, an option is added.

In the case of the format of the first RP header 404 b, no header comes next to the first RP header 404 b on the first one octet (501) as shown in FIG. 5A, and a value of “No Next Header (59)” is set up. RP header length is set up at the next octet (502) and RP-ID is set up at the octet (503) next to it. In the case of the format of the second RP header 406 b, as shown in FIG. 5B, the value of “No Next Header (59)”, and subsequently, RP header length, and further, RP-ID are set up in each of the first three octets (504, 505 and 506) respectively. As optional data, a value of “Next Header” of the initial packet is set up. In the optional data to set up “Next Header” of the initial packet, an optional number to indicate the optional data of the value of the initial “Next Header” is set up in the first one octet (507). Subsequently, optional data length (508) and the initial “Next Header” value (509) are set up.

As the optional data of the second RP header 406 b, packet size of the initial packet 402 can be conceived. By this optional data, ACGW 105 can recognize packet size of the initial packet 402, and this makes it easier to grasp the condition of use in the network based on packet communication of UE 101 and UE 102. In the above, a region of RP-ID is provided at the RP headers 404 b and 406 b, while RP-ID may also be treated as the optional data. In such case, the RP headers 404 b and 406 b can be regarded as equal to the end point option header. So far, description has been given on the format of the RP headers 404 b and 406 b.
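The division of FIG. 4, the RP header layouts of FIG. 5A and FIG. 5B, and the synthesis at the receiving side UE can be sketched in Python as follows; this is an added example, not code from the patent. Assumed here: protocol number 253 as the value indicating an RP header, option number 1 for the initial “Next Header”, header lengths counted in octets, and a simplified packet object in place of real IP headers; the outer IPsec tunnel that carries the second packet to and from ACGW 105 is left out.

```python
import struct
from dataclasses import dataclass

NO_NEXT_HEADER = 59        # first octet of both RP headers, per the description
PROTO_ESP = 50             # IANA protocol number for ESP
PROTO_RP = 253             # ASSUMPTION: experimental value standing in for "RP header"
OPT_ORIG_NEXT_HEADER = 1   # ASSUMPTION: option number for the initial "Next Header"
FIRST_RP_LEN = 4           # Next Header, RP header length, RP-ID (2 octets)
SECOND_RP_LEN = 7          # the same fields + option number, option length, value


@dataclass(frozen=True)
class Packet:
    """Simplified IP packet: addresses, Next Header value, bytes after the IP header."""
    src: str
    dst: str
    next_header: int
    payload: bytes


def parse_rp(payload):
    """Return (rp_id, header_length, initial_next_header or None)."""
    if len(payload) < FIRST_RP_LEN:
        raise ValueError("truncated RP header")
    _, hdr_len, rp_id = struct.unpack("!BBH", payload[:4])
    if not FIRST_RP_LEN <= hdr_len <= len(payload):
        raise ValueError("RP header length out of range")
    orig_nh, i = None, FIRST_RP_LEN
    while i + 2 <= hdr_len:                      # walk number/length/value options
        opt, opt_len = payload[i], payload[i + 1]
        if i + 2 + opt_len > hdr_len:
            raise ValueError("option overruns RP header")
        if opt == OPT_ORIG_NEXT_HEADER and opt_len == 1:
            orig_nh = payload[i + 2]
        i += 2 + opt_len
    return rp_id, hdr_len, orig_nh


def split(pkt, cut_len, rp_id):
    """Transmitting side: cut the leading cut_len bytes (ESP header onward) out of pkt."""
    if cut_len <= FIRST_RP_LEN:
        raise ValueError("cut-off portion must be bigger than the first RP header")
    if cut_len > len(pkt.payload):
        raise ValueError("cut-off portion exceeds the packet")
    data_portion = pkt.payload[:cut_len]
    first_rp = struct.pack("!BBH", NO_NEXT_HEADER, FIRST_RP_LEN, rp_id)
    second_rp = struct.pack("!BBHBBB", NO_NEXT_HEADER, SECOND_RP_LEN, rp_id,
                            OPT_ORIG_NEXT_HEADER, 1, pkt.next_header)
    # Blank the cut region with 0x00, then overwrite its start with the first RP header.
    blanked = first_rp + bytes(cut_len - FIRST_RP_LEN)
    first = Packet(pkt.src, pkt.dst, PROTO_RP, blanked + pkt.payload[cut_len:])
    second = Packet(pkt.src, pkt.dst, PROTO_RP, second_rp + data_portion)
    return first, second


def synthesize(first, second):
    """Receiving side: put the data portion back and restore the Next Header value."""
    id1, _, nh1 = parse_rp(first.payload)
    id2, len2, nh2 = parse_rp(second.payload)
    if nh1 is not None or nh2 is None:
        raise ValueError("expected a first packet and a second packet")
    if (first.src, first.dst, id1) != (second.src, second.dst, id2):
        raise ValueError("IP header or RP-ID mismatch")
    data_portion = second.payload[len2:]
    if len(data_portion) > len(first.payload):
        raise ValueError("data portion longer than first packet")
    return Packet(first.src, first.dst, nh2,
                  data_portion + first.payload[len(data_portion):])


class Reassembler:
    """Holds whichever half arrives first until its counterpart shows up."""
    def __init__(self):
        self.pending = {}

    def receive(self, pkt):
        rp_id, _, orig_nh = parse_rp(pkt.payload)
        key = (pkt.src, pkt.dst, rp_id)
        held = self.pending.get(key)
        if held is None or (parse_rp(held.payload)[2] is None) == (orig_nh is None):
            self.pending[key] = pkt          # nothing held yet, or a duplicate half
            return None
        del self.pending[key]
        first, second = (held, pkt) if orig_nh is not None else (pkt, held)
        return synthesize(first, second)


def demo():
    # Constructed sample: 8-byte ESP header (SPI, sequence number) + stand-in ciphertext.
    esp = struct.pack("!II", 0x1000A001, 7) + bytes(range(0x40, 0x60))
    original = Packet("local_UE1", "local_UE2", PROTO_ESP, esp)
    first, second = split(original, cut_len=16, rp_id=0x0102)
    rx = Reassembler()
    held = rx.receive(second)                # second packet alone: keep waiting
    return original, first, second, held, rx.receive(first)
```

The first packet keeps the length of the initial packet but no longer carries the SPI, so a receiver holding only that half has nothing that selects a decryption key.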

Next, referring to FIG. 6, description will be given below on a packet transmitting unit of UE 101 (and UE 102). Before the starting of “the UE-UE direct communication”, the transmitting side UE 101 generates the data to be transmitted to UE 102 at a data generating unit 601. Next, the packet 401 addressed to UE 102 is generated at a packet generating unit 602 by using this data. The generated packet 401 can be delivered and transmitted to a packet-transmitting unit 607. On the other hand, when it is to be transmitted to ACGW 105, the packet is encrypted at an IPsec encrypting-encapsulating unit 603, and the encrypted packet is delivered to the packet transmitting unit 607 and it is transmitted.

When the transmitting side UE 101 receives an inquiry of “the UE-UE direct communication” from ACGW 105, and “the UE-UE direct communication” is performed as a result, the transmitting side UE 101 delivers the packet 401, which was generated and addressed to UE 102, to the IPsec encrypting-encapsulating unit 603. In this case, the packet is not encrypted to ACGW 105, but it is encrypted by using an encryption key to UE 102 as acquired when the instruction of “the UE-UE direct communication” was received. In the encapsulation of IPsec ESP, the destination address is “local address” of UE 102. In the UE-UE direct communication, the transmitting side UE 101 delivers the packet 402 encrypted to UE 102 to a division processing unit 604, and the first packet 404 and the second packet 406 are generated. More concretely, when the first packet 404 is generated, the ESP header 402 b in the initial packet 402 and a part of the encrypted data 401′ subsequent to it are cut off, and the packet 403 is generated. The region where the data portion 405 is cut off is overwritten with 0x00 or with meaningless data.

The transmitting side UE 101 prepares a first RP header 404 b and a second RP header 406 b at an RP header setting unit 605. The first RP header 404 b is added to the packet 403, and a first packet 404 to be transferred to UE 102 is prepared. Then, the second RP header 406 b is added to a second packet 406. The first RP header 404 b is overwritten at the initial position of the ESP header 402 b of the first packet 404. As a result, when the first packet and the second packet are synthesized at the receiving side UE 102, a position, to which the data portion 405 is to be returned, can be identified.

At a Next Header rewriting unit 606, a value to indicate the first RP header 404 b is set up at the “Next Header” in the IP header 404 a of the first packet 404. In so doing, the node, which received the first packet 404, can recognize that the first RP header 404 b is placed subsequent to the IP header 404 a. The initial “Next Header” value as set up in the IP header 404 a of the first packet 404 is set up in the second RP header 406 b. As a result, the “Next Header” value can be returned to the initial position when the first packet 404 and the second packet 406 are synthesized. Also, the same RP-ID (RP header identifier) is set up at the first RP header 404 b and the second RP header 406 b. This makes it possible to prevent the first packet 404 and the second packet 406 from being erroneously confused with other packets at the time of synthesizing.

After finishing the processing as given above, the first packet 404 is delivered to the packet transmitting unit 607 and is transmitted. The second packet 406 has a data portion 405 and the second RP header 406 b, and it is delivered to the packet-generating unit 602. At the packet-generating unit 602, the transmitting side UE 101 adds an IP header 406 a before the data portion 405 as cut off from the initial packet 402 and the second RP header 406 b and generates the second packet 406. The destination address of the second packet 406 is “local address” of UE 102. This is the same as the IP header 404 a of the first packet 404. By the IP headers 404 a and 406 a and RP-ID, the receiving side UE 102 can synthesize the first packet 404 with the second packet 406 without mixing them up with other packets. At the IPsec encrypting-encapsulating unit 603, the transmitting side UE 101 can encrypt and encapsulate the second packet 406 to be addressed to ACGW 105, and a packet 407 for ACGW 105 is generated. The packet 407 thus generated is delivered and transmitted to the packet transmitting unit 607.

Next, referring to FIG. 7, description will be given on the processing of the transmitting side UE 101. First, the transmitting side UE 101 generates the packet 401 to be transmitted to UE2 (UE 102) as shown in FIG. 4 (Step S71). Because the transmitting side UE 101 has received an instruction of “the UE-UE direct communication” from ACGW 105 and has acquired the encryption mode, the encryption key and the security parameter index (SPI) to encrypt the packet as addressed to the receiving side UE 102, which were explained in connection with FIG. 2, FIG. 3A and FIG. 3B, the packet 401 addressed to UE 102 is encrypted by using these types of information. In this case, the transmitting side UE 101 encrypts it for the receiving side UE 102, encapsulates it according to the IPsec ESP procedure and generates a packet 402 for UE 102 (Step S72).

Next, the transmitting side UE 101 cuts off a part (data portion 405) of the packet 402 for UE 102 thus generated and generates the first packet 403 with a part (data portion 405) cut off and a second packet 406 newly generated from the cut-off data portion 405 (Step S73). A region 403 a as cut off from the first packet 403 is overwritten with 0x00 or with meaningless data. Namely, it is so processed that, even when only the first packet 404 is received, the receiving side UE 102 cannot perform the receiving processing on it alone. The data portion 405 actually cut off is the ESP header 402 b of the initial packet 402 and the encrypted data 401′ subsequent to it. There is no special designation on the size of the data portion to be cut off. However, it must be bigger than the first RP header 404 b. If the data portion 405 to be cut off is too big, the data to be sent via ACGW 105 becomes bigger, and this is not desirable. The first packet 403 is a packet addressed to UE 102, and the second packet 406 is a packet which is to be sent to UE 102 via ACGW 105. If, instead of the method of overwriting the region of the cut-off data with meaningless data, a method is used in which the data region is removed and the first RP header is inserted in its place, the data to be cut off need not be bigger than the first RP header.

The transmitting side UE 101 adds the first RP header 404 b at the foremost portion where the data of the first packet 403 has been cut off (Step S74). This is information to indicate the position to which the data portion of the second packet 406, i.e. the cut-off data portion 405, is to be returned. Also, the transmitting side UE 101 changes the value of the “Next Header” at the IP header 404 a of the first packet 404. Because the ESP header 402 b was subsequent to the IP header 402 a in the packet 402 before it was cut off, a value to indicate the ESP header 402 b is set up at the “Next Header” at the IP header 402 a. This value in the IP header 404 a is replaced with a value indicating the first RP header 404 b. In so doing, the receiving side node can identify the header which is subsequent to the IP header 404 a and can perform processing on the first RP header 404 b, and not on the ESP header 402 b. The transmitting side UE 101 transmits the replaced first packet 404 to UE 102 (Step S75). Specifically, the first packet 404 is directly transferred from E-Node B 103 to UE 102, and not via ACGW 105.

On the other hand, the transmitting side UE 101 generates the second packet 406 from the cut-off data portion 405. The second RP header 406 b is added to the second packet 406 (Step S76). The first RP header 404 b and the second RP header 406 b contain RP-ID with the same value. By this RP-ID, the receiving side node can decide which first packet 404 and which second packet 406 should be synthesized. Also, the second RP header 406 b contains the value of the “Next Header” of the initial packet 402. That is, the value needed to return the “Next Header” (which was at the initial IP header 402 a) to its initial value when the first packet 404 is synthesized with the second packet 406 is contained in the second RP header 406 b. The destination of the second packet 406 is UE 102. This is the same as the case of the IP header 404 a of the first packet 404. Because the IP headers 404 a and 406 a are the same and the RP-ID has the same value, the receiving side node can identify the first packet 404 and the second packet 406 to be synthesized and synthesizes them.

The second packet 406 has an IP header 406 a, which is the same as the IP header 404 a of the first packet 404, and there is a second RP header 406 b subsequent to it, and the data portion 405 as cut off from the initial packet 402 comes after it. The second packet 406 is a packet which reaches UE 102 via ACGW 105. The transmitting side UE 101 performs the IPsec ESP tunnel mode processing addressed to ACGW on the second packet 406 and generates a second packet 407 (Step S77). Then, the transmitting side UE 101 transmits the second packet 407 to ACGW 105 (Step S78). That is, the second packet 407 is a packet which is transferred to UE 102 via ACGW 105.

<Processing at E-Node B>

Next, referring to FIG. 8, description will be given below on a configuration of the E-Node B 103. E-Node B 103 receives the packet at a packet receiving unit 801. In case the received packet is a packet addressed to its own node, E-Node B 103 delivers it to a receiving packet processing unit 802. In case it is a packet which must be transferred, it is delivered to a packet transfer processing unit 803. At the packet transfer processing unit 803, E-Node B 103 confirms the packet to be transferred. There is no restriction in case of a packet which is to be transferred from ACGW 105 to UE 101 or UE 102. Also, there is no restriction in case of a packet which is to be transferred from UE 101 or UE 102 to ACGW 105. When it is to be transferred from UE to UE, E-Node B 103 confirms whether the packet to be transferred meets the requirements. When the packet is transferred from UE to UE, E-Node B 103 confirms whether it is the communication permitted by ACGW 105 at a UE-UE communication confirming unit 804. Also, it is confirmed at an RP header confirming unit 805 as to whether the packet contains the first RP header 404 b or not. E-Node B 103 delivers the packet to be transferred to a packet transmitting unit 806 and transmits it.

Next, referring to FIG. 9, description will be given on packet relay processing of E-Node B 103. In case the packet is addressed to its own node, E-Node B 103 performs the receiving processing for a packet addressed to its own node (Step S91). This is a case where an instruction is given from ACGW 105, for instance. In case the packet is a packet other than the one addressed to its own node, E-Node B 103 performs the transfer processing. In this case, it is confirmed whether it is a packet sent from ACGW 105 or not. In case it is a packet sent from ACGW 105, it is transferred to the UE of the destination (Step S92). This is the case of a second packet 1009 (to be described later), which is transmitted from ACGW 105 to UE 102.

On the other hand, in case a packet is transmitted not from ACGW 105 but from UE 101 or UE 102, E-Node B 103 confirms whether it is addressed to ACGW 105 or not. In case it is a packet transmitted from UE 101 or UE 102 to ACGW 105, it is transferred to ACGW 105 (Step S93). For instance, this is the case of the second packet 407 to be transmitted from UE 101 to UE 102 via ACGW 105. Further, in case a packet transmitted from UE to UE is to be transferred, E-Node B 103 confirms whether direct communication is permitted between UE 101 and UE 102 or not (Step S94), and also confirms whether the first RP header 404 b is added or not. As to whether direct communication is permitted or not, a notification is given from ACGW 105 in advance. To decide whether the first RP header 404 b is contained or not, the packet actually received should be checked. This is to confirm that the receiving processing cannot be performed with only the packet transmitted from UE. For instance, it is the case of the first packet 404 transmitted from UE 101 to UE 102.

<Processing at ACGW>

Next, referring to FIG. 10, description will be given on packet relay processing of ACGW 105. In case ACGW 105 receives a packet 407 of “the UE-UE direct communication”, the destination address of the packet 407 is ACGW 105, i.e. it is addressed to its own node for ACGW 105. When decrypting and decapsulating are performed on this packet 407, the packet 406 generated by UE 101 for UE 102 comes out. The destination address of this packet 406 thus coming out is “the local address” of UE 102, and the source address is “the local address” of UE 101. Also, this packet 406 contains the second RP header 406 b. Incidentally, in case “the UE-UE direct communication” is not performed, the destination address of the packet thus coming out is “the global address” of UE 102, and the source address is “the global address” of UE 101.

As the result of decrypting, ACGW 105 judges the transfer destination based on the destination address of the packet 406 which has come out. In the present case, it is UE 102. ACGW 105 performs the IPsec ESP tunnel mode processing and encrypts the packet for UE 102, generates an encryption data 1008, performs encapsulating processing and generates a packet 1009. The destination address of an IP header 1009 a of a packet 1009 is “the local address” of UE 102, and the source address is the address of ACGW 105.

Next, referring to FIG. 11, description will be given on a configuration of ACGW 105. ACGW 105 receives a packet at a packet receiving unit 1101. If it is an encrypted packet addressed to its own node, decrypting and decapsulating are performed at an IPsec decrypting-decapsulating unit 1102. After the decrypting, ACGW 105 delivers the packet addressed to its own node, which has already been decrypted and for which no decrypting is required, to a receiving packet processing unit 1103. A packet to be transferred is delivered to a packet transfer processing unit 1104. ACGW 105 performs transfer processing on the packet at the packet transfer processing unit 1104. When the transfer destination is confirmed and “the UE-UE direct communication” is being performed, it is confirmed whether “the UE-UE direct communication” is permitted or not at a UE-UE communication confirming unit 1106. Also, it is confirmed at an RP header confirming unit 1107 as to whether the second RP header 406 b is contained or not.

In ACGW 105, a UE connecting state detecting unit 1105 checks that the UEs under communication are not connected to the same E-Node B. In case the UEs are connected to the same E-Node B, an inquiry is sent to UEs as to whether both UEs have capability for “the UE-UE direct communication” or not. If both UEs have the capability, it is indicated for the UEs to perform “the UE-UE direct communication”. ACGW 105 decides the destination of the packet at the packet transfer processing unit 1104 and delivers a packet which requires IPsec encrypting processing to an IPsec encrypting-encapsulating unit 1108. Then, the encrypted packet is delivered to a packet transmitting unit 1109 and transmitted. In case it is a packet which does not require IPsec encrypting processing, it is directly delivered to the packet transmitting unit 1109 and transmitted.

Next, referring to FIG. 12, description will be given on packet relay processing of ACGW 105. When ACGW 105 receives a packet and the packet has already been encrypted by IPsec encryption, it performs decrypting and decapsulating on the packet (Step S121). If the packet is decapsulated and the packet coming out is a packet addressed to its own node, the packet is processed as a packet addressed to its own node (Step S122). When a packet to be transferred to UE is received, ACGW 105 confirms whether the destination address is “the local address” or not (Step S123). If it is not “the local address” but it is “the global address”, the packet is transferred to UE. When the packet is transferred to UE, the packet is encrypted for UE and it is transmitted (Step S124).

In case the destination address of the packet to be transferred to UE is “the local address”, it is confirmed whether “the UE-UE direct communication” is permitted or not (Step S125). If the packet is the packet of “the global address”, the packet is sent via ACGW 105. On the other hand, if it is “the local address”, it is IP for transport, and the packet can be sent directly to UE 102. For this reason, ACGW 105 checks the destination address. In case the packet is a packet to be transferred to “the local address” of UE, ACGW 105 confirms whether the second RP header 406 b is added or not (Step S126).

This is performed for the purpose of confirming that a part of the data portion 405 has been sent via ACGW 105 in “the UE-UE direct communication”. When the data portion 405, which is a part of the initial packet 401, is sent via ACGW 105, ACGW 105 maintains its capability to control the packet communication between UE-UE. In addition, because it is not all of the data contained in the initial packet 402, the use of the network resources between ACGW 105 and E-Node B 103 can be suppressed, and the burden of the processing such as encrypting and decrypting at ACGW 105 can be alleviated. From the packet 406 addressed to “the local address” of UE including the second RP header 406 b, ACGW 105 generates an encrypted packet 1009 addressed to UE by using the IPsec ESP tunnel mode and transmits it (Step S127).

<Processing at the Receiving Side UE>

Now, referring to FIG. 13, description will be given on packet receiving processing of the receiving side UE 102. The receiving side UE 102 receives the first packet 404 and the second packet 1009. The first packet 404 is a packet which has been transmitted by the transmitting side UE 101 to UE 102 and has been transferred by E-Node B 103 to UE 102. On the other hand, the second packet 1009 is a packet which has been transmitted by the transmitting side UE 101 to ACGW 105, transferred by E-Node B to ACGW 105, decrypted by ACGW 105 and transmitted after encrypting it for UE 102 in order to transfer it to UE 102. E-Node B 103 transfers the packet 1009 addressed to UE 102 from ACGW 105, and UE 102 receives it. Because the first packet 404 contains the first RP header 404 b, the receiving side UE 102 stores the packet 404 until a packet having the same RP-ID is received.

When the second packet 1009 is received, the receiving side UE 102 performs decrypting based on SA information from ACGW 105 because it is an encrypted packet from ACGW 105. The packet 406 coming out as the result of the decrypting is the second packet generated by UE 101 and addressed to UE 102. Its destination address is “the local address” of UE 102, and the source address is “the local address” of UE 101. Also, this packet 406 contains the second RP header 406 b. The receiving side UE 102 synthesizes the first packet 404 and the second packet 406 having the same RP-ID. In the synthesizing procedure, the data portion 405 of the second packet 406 is overwritten at the foremost position of the first RP header 404 b of the first packet 404. Further, the value of “the Next Header” contained in the second RP header 406 b is set up in the region of “the Next Header” of the IP header 404 a of the first packet 404. By this synthesizing processing, the initial packet 402 generated by UE 101 and addressed to UE 102 is restored.

Because the receiving side UE 102 can identify that the synthesized packet 402 is a packet which contains the ESP header 402 b and is encrypted and addressed to UE 102, the receiving side UE 102 performs decrypting based on SA information from UE 101, and the initial packet 401 is restored. As the key and SPI for decrypting, the information is used which was acquired from ACGW 105 when ACGW 105 gave the instruction on “the UE-UE direct communication”. The data to be acquired by the receiving side UE 102 as the result of decrypting is the packet 401 generated by UE 101 and addressed to UE 102. Its destination address is “the global address” of UE 102, and its source address is “the global address” of UE 101.

Next, referring to FIG. 14, description will be given on a packet receiving unit of UE 102 (and UE 101). The receiving side UE 102 receives a packet at a packet receiving unit 1401. In case it is not a specifically encrypted packet or a packet containing an RP header, the packet is directly delivered to a receiving packet processing unit 1406 and the receiving processing is conducted. When the receiving side UE 102 receives the first packet 404, the first packet 404 contains the first RP header 404 b, and it is delivered to an RP packet storing unit 1403. At an RP packet retrieving unit 1404, it is checked whether a packet having the same RP-ID is present or not. If it is present, the two packets are synthesized at an RP packet synthesizing unit 1405. When the receiving side UE 102 receives the second packet 1009, decrypting and decapsulating are carried out at the IPsec decrypting-decapsulating unit 1402 because it is a packet encrypted by ACGW 105. Because the second RP header 406 b is contained in the decrypted packet 406, it is delivered to the RP packet storing unit 1403. In case “the UE-UE direct communication” is not performed, and if the encrypted packet 402 from ACGW 105 is received, the packet 401 decrypted at the IPsec decrypting-decapsulating unit 1402 is delivered to the receiving packet processing unit 1406.

The receiving side UE 102 receives the first packet 404 and stores it in the RP packet storing unit 1403. Also, it receives the second packet 1009, performs processing on it at the IPsec decrypting-decapsulating unit 1402 and stores the second packet 406 containing the second RP header 406 b in the RP packet storing unit 1403. When a packet containing the same RP-ID is retrieved at the RP packet retrieving unit 1404, there are packets which have the same RP-ID. Then, the first packet 404 and the second packet 406 are synthesized at the RP packet synthesizing unit 1405. More concretely, the data portion of the second packet 406 is overwritten at the foremost position of the first RP header 404 b of the first packet 404. Also, information on the “Next Header” contained in the second RP header 406 b is set up at the “Next Header” in the IP header 404 a of the first packet 404. By this synthesizing processing, the initial packet 402 as generated by the transmitting side UE 101 and addressed to UE 102 is restored. In case the synthesized packet 402 contains the ESP header 402 b, the receiving side UE 102 delivers the synthesized packet 402 to the IPsec decrypting-decapsulating unit 1402. The receiving side UE 102 decrypts and decapsulates the packet 402 and acquires the packet 401, and this packet 401 is delivered to the receiving packet processing unit 1406.
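The division at the transmitting side UE (Steps S73 to S76) and the synthesis at the receiving side UE, written out as an added example that is not part of the patent text. The 8-byte RP header layout, the use of protocol number 253 as the "RP header" Next Header value, and all function and class names are assumptions made for illustration; the document does not define a wire format.

```python
import struct

IPV6_HDR_LEN = 40
NH_OFFSET = 6        # position of the Next Header byte in the IPv6 fixed header
NH_ESP = 50          # IANA protocol number for ESP
NH_RP = 253          # assumption: an experimental protocol number stands in for "RP header"
RP_FMT = "!BBHI"     # assumption: kind, original Next Header (second header only), cut length, RP-ID
RP_LEN = struct.calcsize(RP_FMT)
RP_FIRST, RP_SECOND = 1, 2


def ipv6_header(src, dst, next_header, payload_len):
    return struct.pack("!IHBB16s16s", 6 << 28, payload_len, next_header, 64, src, dst)


def split(packet, rp_id, cut_len):
    """Transmitting UE: return (first packet 404, second packet 406)."""
    payload = packet[IPV6_HDR_LEN:]
    # Overwrite method: the cut region must be bigger than the first RP header.
    if not RP_LEN < cut_len <= len(payload):
        raise ValueError("cut region must exceed the RP header and fit the payload")
    hdr = bytearray(packet[:IPV6_HDR_LEN])
    orig_nh = hdr[NH_OFFSET]
    hdr[NH_OFFSET] = NH_RP                      # Next Header now announces the RP header
    first_rp = struct.pack(RP_FMT, RP_FIRST, 0, cut_len, rp_id)
    # RP header at the front of the cut region, rest of the region overwritten with 0x00.
    first = bytes(hdr) + first_rp + bytes(cut_len - RP_LEN) + payload[cut_len:]
    second_rp = struct.pack(RP_FMT, RP_SECOND, orig_nh, cut_len, rp_id)
    struct.pack_into("!H", hdr, 4, RP_LEN + cut_len)   # payload length of the second packet
    second = bytes(hdr) + second_rp + payload[:cut_len]
    return first, second


def synthesize(first, second):
    """Receiving UE: write data portion 405 back and restore the Next Header."""
    _, _, cut_len, _ = struct.unpack_from(RP_FMT, first, IPV6_HDR_LEN)
    _, orig_nh, data_len, _ = struct.unpack_from(RP_FMT, second, IPV6_HDR_LEN)
    data = second[IPV6_HDR_LEN + RP_LEN:]
    if cut_len != data_len or len(data) != data_len or cut_len > len(first) - IPV6_HDR_LEN:
        raise ValueError("halves disagree on the size of the cut region")
    hdr = bytearray(first[:IPV6_HDR_LEN])
    hdr[NH_OFFSET] = orig_nh
    return bytes(hdr) + data + first[IPV6_HDR_LEN + cut_len:]


class Reassembler:
    """RP packet storing / retrieving / synthesizing units of the receiving UE."""

    def __init__(self):
        self.pending = {}   # (src+dst addresses, RP-ID) -> {kind: packet}

    def receive(self, packet):
        """Return the restored packet 402 once both halves are present, else None."""
        if len(packet) < IPV6_HDR_LEN + RP_LEN or packet[NH_OFFSET] != NH_RP:
            raise ValueError("not an RP packet")
        kind, _, _, rp_id = struct.unpack_from(RP_FMT, packet, IPV6_HDR_LEN)
        if kind not in (RP_FIRST, RP_SECOND):
            raise ValueError("unknown RP header kind")
        key = (packet[8:40], rp_id)             # same IP addresses and same RP-ID
        slot = self.pending.setdefault(key, {})
        slot[kind] = packet
        if len(slot) < 2:
            return None                         # keep it until the partner arrives
        del self.pending[key]
        return synthesize(slot[RP_FIRST], slot[RP_SECOND])


def demo_packet():
    """Constructed sample: IPv6 header + ESP header (SPI, sequence) + dummy ciphertext."""
    src = bytes.fromhex("fd00" + "00" * 13 + "01")
    dst = bytes.fromhex("fd00" + "00" * 13 + "02")
    esp = struct.pack("!II", 0x1001, 1) + bytes(range(48))
    return ipv6_header(src, dst, NH_ESP, len(esp)) + esp


if __name__ == "__main__":
    original = demo_packet()
    first, second = split(original, rp_id=7, cut_len=24)
    rx = Reassembler()
    print(rx.receive(first))                    # None: first packet alone is unusable
    print(rx.receive(second) == original)       # True once the second packet arrives
```

The receiver keys its store on the address pair as well as the RP-ID, and rejects a pair whose headers disagree on the size of the cut region instead of writing past it.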

<Termination of the UE-UE Direct Communication>

Now, description will be given on operation when “the UE-UE direct communication” is terminated. ACGW 105 gives an instruction to each of UE 101 and UE 102 to terminate “the UE-UE direct communication”. Also, a notification is given to E-Node B 103 that “the UE-UE direct communication” has been terminated. “The UE-UE direct communication” is considered to be terminated when UE 101 and UE 102 are no longer connected to the same E-Node B 103, or when one of UE 101 or UE 102 or both perform handover to another E-Node B. Even when UE 101 and UE 102 are not moving, ACGW 105 can terminate the communication at its own judgment. For instance, this is a case where the communication of UE 101 and UE 102 has to be monitored for a reason such as lawful interception.

When an instruction is given from ACGW 105 to terminate “the UE-UE direct communication”, UE 101 and UE 102 stop the processing to divide and synthesize the packet, and it is changed over to “a method to transmit all data of the packet to ACGW 105 and to receive all data from ACGW 105”. When the termination of “the UE-UE direct communication” is notified from ACGW 105, E-Node B 103 stops the processing to directly transfer the packet from UE 101 to UE 102.

In the present specification, detailed description has been given on a method in which the transmitting side UE 101 encrypts the packet 401 to UE 102 and then divides the resulting packet 402, while it is also possible to carry out the division processing on the packet 402 without performing the encryption of the packet 401.

The Second Embodiment

The mode of implementation as described above is defined as the first embodiment, and description will be given now on a second embodiment.

The following are points (1) and (2) of “the UE-UE direct communication” of the second embodiment.

(1) UE 101 encrypts a packet and transmits it to the correspondent UE 102. The encrypted packet (a first packet) is sent via a route passing through E-Node B 103 (not via ACGW 105) to UE 102. In this case, a key necessary for decrypting the encrypted packet is transmitted to UE 102 via ACGW 105 (a second packet). The key data has less data amount, and it is possible to reduce the data amount to be sent both ways between E-Node B 103 and ACGW 105.

(Variation of Matching of the Packet to the Key)

- The matching of the packet to the key is set to: N:1. That is, as many keys as the number of packets are transmitted.
- The matching of the packet to the key is set to: N:1. That is, the same key is used for each of “N” packets during a certain fixed period. For instance, the key is changed for every 100 packets. As another example, the keys are changed for every 10 minutes. Which of these cases is to be used on the receiving side for decrypting is determined by the value of SPI when IPsec is used for the encryption. In case the keys are changed according to the number of the packets (“N”), in order to avoid trouble caused by loss of synchronization in counting the packets, a counter is placed on each packet to indicate the order of the packet. When the keys are changed according to the time, it is necessary to have synchronization of time between the transmitting side and the receiving side. Also, it would be necessary to determine the time required until the arrival of the packet. In such a case, the time of transmission by the transmitting side may be put on each packet.

(Variation of the Method to Determine the Key)

- ACGW 105 decides the key, and the decision is notified to the transmitting side UE 101 and the receiving side UE 102.

ACGW 105 distributes the keys by using an encryption path for “the transmitting side UE 101-ACGW 105” and an encryption path for “the receiving side UE 102-ACGW 105”. In this case, SPI information is also transmitted together with the keys. This SPI information is hidden from E-Node B 103 and cannot be seen by it.

- The transmitting side UE 101 decides the key, and the decision is transmitted to the receiving side UE 102 via ACGW 105.

By using the encryption path of “the transmitting side UE 101-ACGW 105”, the key is transmitted from the transmitting side UE 101 to ACGW 105. ACGW 105 holds the key and transfers it to the receiving side UE 102. This key information is encrypted and E-Node B 103 cannot recognize it.

(2) E-Node B 103 periodically copies the packet of the UE-UE direct communication and transfers it (a third packet).

ACGW 105 confirms that the transferred packet can be decrypted.

(Option): In order that ACGW can confirm whether the packet is decrypted or not, information to indicate that the packet has been decrypted is added in advance on the transmitting side UE 101.

When the copy of the packet sent to and from the UE (UE 101 or UE 102) has not arrived, ACGW 105 stops the UE-UE direct communication of UE 101 and UE 102 and restores the communication to the initial communication via ACGW 105.

When the packet of the UE-UE direct communication does not reach ACGW 105 from E-Node B 103, it is found that there are fewer passing packets in the UE-UE direct communication. If the amount of the packets in the direct communication is small, it means that the effect of reducing the amount of communication between E-Node B 103 and ACGW 105 is smaller, and there is no need any more to maintain the UE-UE direct communication. For this reason, ACGW 105 stops the UE-UE direct communication and it is returned to the communication via ACGW 105.

(The effect of the second embodiment): Similarly to the case of the first embodiment, by reducing the data amount which is transmitted between E-Node B 103 and ACGW 105, the network resources of Core Network can be effectively utilized.

Now, description will be given on the details of the second embodiment. Similarly to the case of the first embodiment, the communication between UE 101 and UE 102 is performed at first via ACGW 105. In this case, the route between the transmitting side UE and ACGW 105 and the route between the receiving side UE 102 and ACGW 105 are protected by different IPsec SA respectively. When ACGW 105 detects that the transmitting side UE 101 and the receiving side UE 102 are connected to the same E-Node B 103 and it is in the condition where the UE-UE direct communication can be performed, it is checked whether the transmitting side UE 101 and the receiving side UE 102 have capability for the UE-UE direct communication via the route to and from E-Node B 103 or not. In case both of UE 101 and UE 102 have the capability, it is indicated for each of them to establish direct IPsec SA between UE 101 and UE 102. To E-Node B 103, it is notified that the UE-UE direct communication has been permitted to UE 101 and UE 102, and it is indicated to perform the communication via the route passing through E-Node B 103.

Using SA information as notified from ACGW 105, UE 101 and UE 102 start the UE-UE direct communication. After the UE-UE direct communication has been started, SA between UE 101 and ACGW 105 and SA between UE 102 and ACGW 105 are maintained without change. This SA is also used thereafter because the communication between UE 101 or UE 102 and ACGW 105 is continued. For instance, the key data to decrypt the packet is used for the transmission between UE 101 or UE 102 and ACGW 105.

Description will be given below on a case where the packet is transmitted from UE 101 to UE 102 in the second embodiment. UE 101 generates a packet to be transmitted to UE 102, and this is encrypted by IPsec. UE 101 transmits this encrypted packet to UE 102 via the route passing through E-Node B 103. Using the key data received from ACGW 105, UE 102 decrypts the data from UE 101 and performs the receiving processing. E-Node B 103 transfers the packet of the direct communication directly to the correspondents UE 102 and UE 101 respectively without transmitting the packet to ACGW 105. Also, for the purpose of checking the communication between UE 101 and UE 102, E-Node B 103 periodically copies the packet of the direct communication between UE 101 and UE 102 and transfers it to ACGW 105 so that ACGW 105 can check the communication between UE 101 and UE 102.

When the copy of the packet of the direct communication between UE 101 and UE 102 is transmitted from E-Node B 103, ACGW 105 confirms whether the packet can be decrypted by using the stored key or not. If the packet cannot be decrypted, an instruction is given to each of UE 101, UE 102 and E-Node B 103 to stop the direct communication via the route passing through E-Node B 103, and it is switched over to the communication via ACGW 105.

The key for the UE-UE direct communication between UE 101 and UE 102 is periodically updated by the transmitting side UE (UE 101). The time interval of the updating of the key by the transmitting side UE 101 is about several minutes. The time interval of the updating may be several hours or several days. Also, the key may be updated for every packet. When the key is updated by the transmitting side UE 101, the transmitting side UE 101 generates a new key. UE 101 transmits this key data and security parameters index (SPI) to ACGW 105. The key to be transmitted by UE 101 is the newly updated and prepared key. SPI is a type of information according to which the receiving side can find the key to be used. When the key data is received from UE 101, ACGW 105 stores the key data in a key storing unit. The reason for this is that, when a copy of the packet for the direct communication between UE 101 and UE 102 has been transmitted from E-Node B 103, ACGW 105 can confirm whether it can be actually decrypted or not. Similarly to the case of UE 102, the key data and SPI are stored.

ACGW 105 transfers the key data received from UE 101 to UE 102. UE 102 receives the key data transmitted from UE 101 via ACGW 105. UE 102 stores the received key data so that it can decrypt the encrypted packet when it arrives from UE 101. UE 102 sends a receiving response to ACGW 105. When the receiving response from UE 102 is received, ACGW 105 sends the receiving response to UE 101. UE 101 receives the receiving response from ACGW 105 and recognizes by this receiving response that UE 102 can correctly decrypt the data when the data encrypted by the new key is transmitted to UE 102. In case the key is not updated by UE 101, ACGW 105 requests UE 101 to update the key. If the request to update the key is not carried out, an instruction is given to each of UE 101, UE 102 and E-Node B 103 so that it can be switched over from the UE-UE direct communication to the communication via ACGW 105.
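The supervision loop of the second embodiment (key data and SPI reported to ACGW, E-Node B copying packets periodically, ACGW stopping the direct communication when a copy cannot be decrypted) is sketched below as an added example, not code from the patent. The cipher is a SHA-256 counter-mode stand-in for the IPsec ESP transform so that the example runs on the standard library only; the `RPOK` marker plays the role of the optional "information to indicate that the packet has been decrypted", and the class names, intervals and the `l_UE1`/`l_UE2` labels are assumptions.

```python
import hashlib
import os
import struct

MARKER = b"RPOK"   # hypothetical indicator the sender embeds so ACGW can tell decryption worked


def _keystream(key, spi, seq, n):
    # Stand-in for the ESP cipher (assumption); not a real IPsec transform.
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + struct.pack("!IIQ", spi, seq, block)).digest()
        block += 1
    return out[:n]


def seal(key, spi, seq, plaintext):
    """ESP-like packet: SPI | sequence number | encrypted (marker + plaintext)."""
    body = MARKER + plaintext
    stream = _keystream(key, spi, seq, len(body))
    return struct.pack("!II", spi, seq) + bytes(a ^ b for a, b in zip(body, stream))


def open_packet(key, packet):
    """Return the plaintext, or None when this key does not decrypt the packet."""
    if len(packet) < 8:
        return None
    spi, seq = struct.unpack_from("!II", packet)
    stream = _keystream(key, spi, seq, len(packet) - 8)
    body = bytes(a ^ b for a, b in zip(packet[8:], stream))
    return body[len(MARKER):] if body.startswith(MARKER) else None


class Acgw:
    def __init__(self):
        self.keys = {}             # key storing unit: (src, dst, SPI) -> key
        self.direct_allowed = {}   # (src, dst) -> bool

    def permit(self, src, dst):
        self.direct_allowed[(src, dst)] = True

    def key_update(self, src, dst, spi, key):
        """Key data and SPI from the transmitting UE: store, then relay to the receiver."""
        self.keys[(src, dst, spi)] = key
        return dst, spi, key

    def audit_copy(self, src, dst, packet):
        """Check a copy sent by E-Node B; stop direct communication if it cannot be decrypted."""
        spi = struct.unpack_from("!I", packet)[0] if len(packet) >= 4 else None
        key = self.keys.get((src, dst, spi))
        if key is None or open_packet(key, packet) is None:
            self.direct_allowed[(src, dst)] = False
            return False
        return True


class SendingUe:
    def __init__(self, src, dst, acgw, rekey_every, report_rekey=True):
        self.src, self.dst, self.acgw = src, dst, acgw
        self.rekey_every, self.report_rekey = rekey_every, report_rekey
        self.seq, self.spi, self.key = 0, 0, None

    def send(self, plaintext):
        if self.seq % self.rekey_every == 0:          # key changed every N packets
            self.spi += 1
            self.key = os.urandom(32)
            if self.spi == 1 or self.report_rekey:    # a compliant UE always reports
                self.acgw.key_update(self.src, self.dst, self.spi, self.key)
        packet = seal(self.key, self.spi, self.seq, plaintext)
        self.seq += 1
        return packet


def run_session(report_rekey, n_packets=10, rekey_every=4, copy_every=3):
    """Return (packets sent on the direct route, whether direct communication is still allowed)."""
    src, dst = "l_UE1", "l_UE2"
    acgw = Acgw()
    acgw.permit(src, dst)
    ue = SendingUe(src, dst, acgw, rekey_every, report_rekey)
    sent = 0
    for i in range(n_packets):
        packet = ue.send(b"payload %d" % i)
        sent += 1
        # E-Node B forwards directly and copies every copy_every-th packet to ACGW.
        if i % copy_every == 0 and not acgw.audit_copy(src, dst, packet):
            break
    return sent, acgw.direct_allowed[(src, dst)]


if __name__ == "__main__":
    print(run_session(report_rekey=True))    # every sampled copy decrypts
    print(run_session(report_rekey=False))   # unreported rekey is caught at the next copy
```

The gap between an unreported key change and its detection is bounded by the copy interval at E-Node B, which is the trade-off between backhaul savings and how long traffic can go unsupervised.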

Now, referring to the attached drawings, detailed description will be given. As shown in FIG. 15, in case UE 101 and UE 102 are connected to different E-Nodes B, i.e. E-Node B 103 and E-Node B 104 respectively, there is no problem even when the communication between UE-UE is carried out via ACGW 105. However, when UE 101 and UE 102 are connected to the same E-Node B 103 as shown in FIG. 1, the same packet may come and go between ACGW 105 and E-Node B 103, and the network resources are consumed uselessly. Thus, in case both of UE 101 and UE 102 are connected to the same E-Node B 103, ACGW 105 sends an inquiry to each of UE 101 and UE 102 as to whether it matches the condition of the UE-UE direct communication. If both of UE 101 and UE 102 match the condition of the communication, ACGW 105 gives an instruction to each of UE 101 and UE 102 to perform the UE-UE direct communication and also notifies E-Node B 103 that the UE-UE direct communication has been permitted. Up to this point, the procedure is the same as that of the first embodiment (see FIG. 2, FIG. 3A and FIG. 3B).

In case UE 101 and UE 102 perform the communication via ACGW 105, as shown in FIG. 16, the destination address is the address of UE 102 (global address) in a packet 1501 transmitted from UE 101 to UE 102. In order to transmit the packet 1501 addressed to UE 102 to ACGW 105, UE 101 encapsulates the packet with a packet 1502 addressed to the local address of ACGW 105 and transmits it to ACGW 105. A data portion 1502 c of the packet 1502 addressed to ACGW is encrypted by IPsec.

The destination address of the packet 1501 addressed to UE 102 is the address of UE 102 (global address; g_UE2), and the source address is the address of UE 101 (global address; g_UE1). The packet 1501 addressed to UE 102 is encrypted (1502 c in FIG. 16), and an IP header 1502 a addressed to ACGW 105, an ESP extended header 1502 b and an ESP authentication trailer 1502 d are added. For the packet 1502 addressed to ACGW 105, an address may be used with which communication can be carried out within the region, and it may be a local address. Here, description is given on a case where the local address is used. The destination address of the packet 1502 addressed to ACGW 105 is the local address of ACGW 105 (l_ACGW), and the source address is the local address of UE 102 (l_UE2).

A packet 1504 to be transmitted from UE 101 to UE 102 after ACGW 105 gives an instruction to perform the UE-UE direct communication to UE 101 and UE 102 is as shown in FIG. 17. To a data 1501 b addressed to UE 102, UE 101 adds a header 1501 a, which has the address of UE 102 (global address; g_UE2) as the destination address. This packet 1501 is the same as the packet 1501 sent via ACGW 105 as described above. The packet 1501 addressed to UE 102 is encrypted (1504 c in FIG. 17), and an IP header 1504 a, an ESP header 1504 b and an ESP authentication trailer 1504 d are added. The destination address of the IP header 1504 a to be added is the local address of UE 102 (l_UE2). This local address of UE 102 is notified to UE 101 via the communication from ACGW 105 to UE 101 and UE 102.

Packet configuration of IPsec ESP (IETF RFC2406) is shown in FIG. 18. The portions of the security parameters index (SPI) and the sequence number represent the ESP header 1504 b. Payload data and padding, pad length, and next header are the encryption data 1504 c. Authentication data is ESP Auth. 1504 d. When the encrypted packet 1504 of the IPsec ESP is received, UE can identify a key necessary for decrypting by using the destination address, the source address and SPI. Also, by incrementing the sequence number one by one for each transfer packet, the number of the transfer packets can be identified.

In a concrete example of the second embodiment, the transmitting side UE periodically updates the key. When bi-directional communication is performed in the UE-UE direct communication, both UEs must update the keys respectively. Here, description will be given by taking an example on a case where UE 101 updates the key as the transmitting side. UE 101 updates the keys at a fixed time interval. The time interval to update the keys may be set to an interval when the number of the transmitted packets 1504 exceeds a certain fixed number. Or, the keys may be updated for every packet 1504. If the keys are not updated for a period longer than the fixed time period, ACGW 105 requests the updating of the keys to UE 101. In case the keys are not updated after the request to update the keys has been given from ACGW 105, ACGW 105 may instruct the stopping of the UE-UE direct communication or to switch over the communication to the communication via ACGW 105.

When UE 101 updates the key, UE 101 transmits a new key in the same manner as the packets 1501 and 1502 as shown in FIG. 16. A type of information transmitted by UE 101 as key data is the key data and the security parameters index (SPI). In addition to this information, other types of information such as encryption mode may be included. The key data prepared by UE 101 is transported by the packet 1501 addressed to ACGW 105. This packet 1501 is encapsulated and encrypted as the packet 1502 addressed to ACGW 105. In the packets 1501 and 1502 to transport the key data, an extended header may be added, which indicates that the key data is being transported. In case the extended header, which indicates that the key data is contained, is included, the processing of ACGW 105 to identify the key data is expedited, and the time period required until the acquisition and the holding of the key data can be reduced. Similarly, in case the extended header is included, which indicates that the key data is also contained in the packet 1501 addressed to UE 101, the processing of UE 102 to identify the key data is speeded up, and the time period required until the key data is acquired and held can be reduced.

Next, description will be given on operation of E-Node B 103. When UE 101 and UE 102 are performing the communication via ACGW 105, it is in the ordinary state. Basically, E-Node B 103 transmits a packet from ACGW 105 to UE 101 and UE 102, and the packets from UE 101 and UE 102 are transmitted to ACGW 105. It does not happen that the packets from UE 101 and UE 102 are transferred to UE 102 and UE 101 respectively. The communication between UE and UE is sent via a route passing through E-Node B 103 and does not pass through ACGW 150. The network side cannot identify how the packet is sent between UE and UE. Even when it becomes necessary to perform lawful interception, the packet cannot be intercepted or picked up. For this reason, when the communication packet between UE-UE is sent via a route to pass through E-Node B 103, it is necessary to limit it to the case where the communication is permitted by ACGW 105. One of the cases where ACGW 105 permits the communication is a case where the packet is sent and returned between E-Node B 103 and ACGW 105 and the network resources are consumed uselessly. For such reason, E-Node B 103 directly transfers the packet without passing through ACGW 105 in case of the communication between UE-UE as instructed from ACGW 105.

The packet 1502, which is prepared by the transmitting side UE and to be transmitted to ACGW 105, has the local address of ACGW 105 (l_ACGW) as the destination address as shown in FIG. 16. On the other hand, the packet 1504 to be transmitted to UE 102 has the local address of UE 102 (l_UE2) as the destination address as shown in FIG. 17. E-Node B 103 identifies whether the packet is a packet 1502 addressed to ACGW 105 based on the local address or it is the packet 1504 addressed to UE. Further, in the case of the packet 1504 addressed to UE, it is checked whether the packet is permitted or not, and only in case the packet is permitted, the packet is transferred to UE 102. In case the UE-UE direct communication is not permitted, the packet is discarded as it is. As the methods other than the discard of the packet, there are: a method to transfer the packet to ACGW 105 and a notification of error is sent from ACGW 105 to UE 101 and UE 102, or a method to give an instruction to switch over to “the communication via ACGW” from ACGW 105. Or, there is a method to transmit a notification of error from E-Node B 103 to UE 101 and UE 102.

E-Node B 103 periodically copies the packet 1504 of the UE-UE direct communication and transfers it to ACGW 105. The time interval to take the copy of the packet 1504 and to transmit it to ACGW 105 is notified from ACGW 105 when an instruction of the UE-UE direct communication is received from ACGW 105. This time interval is designated in term of time. A time period of several minutes may be designated. Or, it may be the time interval longer than this or a time interval shorter than this. Or, it may be designated by the number of the passing packets 1504. Or, ACGW 105 may designate to take a copy every time when 100 packets 1504 pass through and to transfer the copies to ACGW 105. Or, ACGW 105 may designate to take a copy of every packet 1504 and to transfer the copies to ACGW 105. The time interval to take copies and to transfer the copies to ACGW 105 may be changed as necessary by ACGW 105. When the time interval is changed, the same method may be used as the method to notify E-Node B 103 that the UE-UE direct communication is permitted.

FIG. 19 shows a packet configuration when E-Node B 103 transfers the packets of the UE-UE direct communication to ACGW 105. The packet 1505 to reach E-Node B 103 is a packet, which has the local address of UE 102 (l_UE2) as the destination address (IP header 1505 a). A data portion 1505 is encrypted so that UE1 102 can decrypt it. This packet 1505 is added with an IP header 1506 a, which has the local address of ACGW 105 (l_ACGW) as the destination address (packet 1506), and this is transmitted to ACGW 105. There is no need to encrypt the packet 1506, which is transmitted from E-Node B 103 to ACGW 105. However, it may be transferred by encrypting it.
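The forwarding rule described for E-Node B 103 (pass ACGW-addressed packets on unchanged, forward UE-addressed packets only under a permission from ACGW 105, and encapsulate a copy to ACGW at the notified interval) is sketched below as an added example, not the patent's implementation. The class and method names, the `l_eNB` address and the packet-count form of the copy interval are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: object          # bytes, or an inner Packet when encapsulated


@dataclass
class DirectPermission:
    copy_every: int          # copy one packet to ACGW per this many forwarded
    forwarded: int = 0


class ENodeB:
    def __init__(self, own_addr, acgw_addr, attached_ues):
        self.own_addr = own_addr
        self.acgw_addr = acgw_addr
        self.attached_ues = set(attached_ues)
        self.permits = {}    # unordered UE pair -> DirectPermission

    def permit_direct(self, ue_a, ue_b, copy_every):
        """Apply a permission (and copy interval) notified by ACGW."""
        if copy_every < 1:
            raise ValueError("copy interval must be at least one packet")
        self.permits[frozenset((ue_a, ue_b))] = DirectPermission(copy_every)

    def revoke_direct(self, ue_a, ue_b):
        self.permits.pop(frozenset((ue_a, ue_b)), None)

    def handle_uplink(self, pkt):
        """Return a list of (action, packet) pairs for one packet from a UE."""
        # Packets addressed to ACGW are the ordinary case: pass them on as is.
        if pkt.dst == self.acgw_addr:
            return [("to_acgw", pkt)]
        # Anything else must be between two UEs attached to this E-Node B.
        if pkt.src not in self.attached_ues or pkt.dst not in self.attached_ues:
            return [("drop", pkt)]
        # Default deny: without a permission from ACGW the packet is discarded.
        permit = self.permits.get(frozenset((pkt.src, pkt.dst)))
        if permit is None:
            return [("drop", pkt)]
        permit.forwarded += 1
        actions = [("to_ue", pkt)]
        # At the notified interval, wrap a copy in a packet addressed to ACGW
        # (the outer header of FIG. 19); the inner packet is left untouched.
        if permit.forwarded % permit.copy_every == 0:
            outer = Packet(self.own_addr, self.acgw_addr, pkt)
            actions.append(("to_acgw", outer))
        return actions
```

Setting `copy_every=1` corresponds to the case where ACGW designates a copy of every packet.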

Next, using block diagrams of the device, description will be given on processing operation of each device in the second embodiment. For UE 101 and UE 102, description will be given by dividing to the description on a transmitting unit and the description on a receiving unit respectively. First, referring to FIG. 20, a packet transmitting unit 10 will be described. When the packet is transmitted by UE 101 or UE 102, and in case a packet addressed to ACGW 105 is transmitted, the data prepared by a data preparing unit 11 is turned to a packet addressed to ACGW 105 at a packet preparing unit 12. Then, it is encrypted at an IPsec encrypting unit 13 and addressed to ACGW 105, and the packet is transmitted by a packet transmitting unit 14. As a key data to encrypt the packet addressed to ACGW 105, a data notified from ACGW 105 and stored in a key data accumulation unit 16 is used.

When UE 101 transmits the packet 1501 addressed to UE 102 via ACGW 105, a data 1501 b addressed to UE 102 is prepared at the data preparing unit 11, and a packet 1501 addressed to UE 102 is prepared at the packet preparing unit 12. This packet 1501 is encapsulated with the packet 1502 addressed to ACGW 105 at the same packet preparing unit 12. Then, it is encrypted to ACGW 105 at the IPsec encrypting unit 13, and it is transmitted from the packet transmitting unit 14. When UE 101 transmits the packet 1503 addressed to UE 102 via the UE-UE direct communication, the data 1501 b addressed to UE 102 is prepared at the data preparing unit 11, and the packet 1501 addressed to UE 102 is prepared at the packet preparing unit 12. This packet 1501 is encrypted and addressed to UE 102 at the IPsec encrypting unit 13, and it is transmitted by the packet transmitting unit 14. The key data for encrypting the packet to UE 102 is acquired by the IPsec encrypting unit 13 from the key data accumulation unit 16.

The key data to be transmitted from UE 101 to UE 102 is prepared by the key data preparing unit 15. The key data thus prepared is stored at the key data accumulation unit 16. UE 101 delivers the newly prepared key data to the packet preparing unit 12, and the packet 1501 addressed to UE 102 is generated. Further, at the same packet preparing unit 12, it is encapsulated with the packet 1502 addressed to ACGW 105. It is encapsulated to ACGW 105 at the IPsec encrypting unit 13, and it is transmitted from the packet transmitting unit 14.

Next, referring to FIG. 21, description will be given on a packet receiving unit 20 of UE 101 and UE 102. UE 101 and UE 102 receive the packet at a packet receiving unit 21. In case the packet is encrypted, it is decrypted at an IPsec decrypting-decapsulating unit 22, and it is delivered to a packet processing unit 23. In case the packet is not encrypted, it is delivered from the packet receiving unit 21 to a receiving packet processing unit 23. At the receiving packet processing unit 23, if the key data is transported by the packet, the key data is delivered to a key data accumulation unit 24, and the key data is accumulated. The key data thus accumulated are used for decrypting at the IPsec decrypting-decapsulating unit 22.

Next, referring to FIG. 22, description will be given on a block diagram of E-Node B 103. E-Node B 103 receives the packet at a packet receiving unit 31. In case the packet is addressed to E-Node B 103, it is processed at a receiving packet processing unit 32. In the packet addressed to E-Node B 103, there is a message to notify the permission of the UE-UE direct communication to be transmitted from ACGW 105. E-Node B 103 transfers and processes the packets other than the packets addressed to E-Node B 103 at a packet transfer processing unit 33. In case it is a packet to be transmitted from UE 101 or UE 102 to ACGW 105, or in case it is a packet to be transmitted from ACGW 105 to UE 101 or UE 102, the packet is transmitted from the packet transmitting unit 34 as it is. In case the packet to be transmitted from UE to UE is transferred, it is confirmed whether the UE-UE direct communication is permitted on the packet or not at an UE-UE communication confirming unit 35, and the packet is transmitted from the packet transmitting unit only when it is permitted. Further, in case the UE-UE direct communication is permitted, the packets of the UE-UE direct communication periodically transmitted from UE are copied by a packet copying unit 36. Then, the copy is put into the packet addressed to ACGW 105, and it is transmitted to ACGW 105 by the packet transmitting unit 34.

Next, referring to FIG. 23, description will be given on a block diagram of ACGW 105. ACGW 105 receives the packet at a packet receiving unit 41. In case the received packet is not encrypted, the receiving processing is performed at a receiving packet processing unit 42. In case the packet is encrypted, it is decrypted at an IPsec decrypting-decapsulating unit 43. If it is a packet addressed to ACGW 105, it is delivered to the receiving packet processing unit 42, and the receiving processing is performed. If it is not addressed to ACGW 105 but it is addressed to the other communication device, it is delivered to a packet transfer processing unit 44. At the packet transfer processing unit 44, if it is necessary to encrypt the packet when it is transferred, the packet is delivered to an IPsec encrypting-capsulating unit 45, and it is transmitted from a packet transmitting unit 46. If it is not necessary to encrypt the packet, it is delivered to the packet transmitting unit 46.

At an UE connecting state detecting unit 47 of the packet transfer unit 44, ACGW 105 confirms whether UE and UE performing the communication with each other are connected to the same E-Node B 103 or not. Also, at an UE-UE direct communication permission judging unit 48, it is confirmed whether amount of the communication between UE and UE is high or not, and whether lawful interception between UE-UE is needed or not. Also, it is judged whether an instruction to perform the UE-UE direct communication should be given to UE 101 and UE 102 or not.

When the encrypted packet is received or when the encrypted packet is transmitted, ACGW 105 acquires key data from a key data accumulation unit 49. The decryption of the received packet is performed by an IPsec decrypting-decapsulating unit 43, and the encryption of the transmitting packet is performed by an IPsec encrypting-encapsulating unit 45. When the key data to be used by UE 101 or UE 102 is transmitted from UE 101 or UE 102 respectively, the packet of the key data is received at the packet receiving unit 41. It is then decrypted at the IPsec decrypting-decapsulating unit 43, and the packet is delivered to the received packet processing unit 42. At the received packet processing unit 42, the key data is taken out, and it is stored in the key data accumulation unit 49.

When the packet in the UE-UE direct communication is copied and transmitted from E-Node B 103, it is received by the packet receiving unit 41. The packet in the UE-UE direct communication is taken out by the received packet processing unit 42, and it is confirmed whether or not the decrypting processing can be carried out on this packet by an IPsec decryption processing confirming unit 50. The IPsec decryption processing confirming unit 50 takes out the key data from the key data accumulation unit 49 and performs the decrypting. In the above, description has been given on operations of each of the devices 101, 102, 103 and 105 by referring to the block diagram.

Next, referring to FIG. 24, description will be given on a packet configuration during the UE-UE direct communication. In the following, description will be given on points (1), (2), (3) and (4) in FIG. 24.

(1) In order to transmit the data addressed to UE2 (UE 102), UE1 (UE 101) prepares a packet 1501 addressed to UE2 (g_UE2). This packet 1501 is encapsulated by a packet 1504 (a first packet of the second embodiment) addressed to UE2 (l_UE2), and it is transmitted. This packet 1504 is transferred to UE2 by E-Node B 103.

(2) In order to transmit the key data to UE2, UE1 prepares a packet 1501 addressed to UE2 (g_UE2). This packet 1501 is encapsulated with a packet 1502 addressed to ACGW (l_ACGW) (a second packet of the second embodiment), and this is transmitted. This packet 1502 is transferred to ACGW 105 by E-Node B 103. Further, this packet is processed at ACGW 105 and is transferred to UE2 as the packet 1504 and the packet 1501 (see (4) in FIG. 24).

(3) When E-Node B 103 copies the packet 1505 of the UE-UE direct communication between UE1-UE2 and transmits it to ACGW 105, E-Node B 103 encapsulates the packet 1505 addressed to UE2 (l_UE2) with the packet addressed to ACGW 105 (l_ACGW) (a third packet in the second embodiment), and it is transmitted to ACGW 105. An internal packet 1505 to be encapsulated is the packet 1504 generated in (1) above.

(4) ACGW 105 encapsulates the packet 1501 including the key data addressed to UE2 (g_UE2) with the packet 1504 addressed to UE2 (l_UE2) (a second packet in the second embodiment), and it is transmitted. This packet 1504 is transferred to UE2 by E-Node B 103. The packet 1501 containing the key data addressed to UE2 (g_UE2) is the packet 1501 prepared by UE1 (see (1)).

In case it is not the UE-UE direct communication, the communication is performed as shown in FIG. 25. If the same number as the number in the UE-UE direct communication of FIG. 24 is used, UE1 transmits the data to UE2 by using (2) and (4) as described above. In this case, there is no flow of packets as described in (1) and (3).

Next, description will be given on a case where the sequence number is put on the communication packet between UE1 and UE2. As the method, by which ACGW 105 identifies the data amount of the UE-UE direct communication between UE1 and UE2, there is a method, according to which the transmitting side puts the sequence number to the communication packet between UE1 and UE2. As shown in FIG. 26, there is a method to place an extended header, which indicates that the sequence number is newly included, between the IP header and the data. FIG. 26 shows an example where an extended header containing the sequence number 1501 c is added between the IP header 1501 a of the packet 1501 addressed to UE2 (g_UE2) and the data 1501 b addressed to UE2. UE1 encapsulates the packet 1501 addressed to UE2 (g_UE2) with the packet 1504 addressed to UE2 (l_UE2), and it is transmitted. Similarly, in case it is transmitted to ACGW 105, the packet 1501 containing this sequence number is encapsulated with the packet addressed to ACGW (l_ACGW), and it is transmitted to ACGW 105. As the methods to put different sequence number, there are: a method to use an undefined region of the IP header, a method to add to a Hop-by-Hop Option extended header as an option, and a method to add a destination option extended header as option.

As a method, by which ACGW 105 identifies the number of packets to be transmitted between UE-UE, description has been given in the above on the method, in which UE adds the sequence number 1501 c to the packet. According to this method, ACGW 105 can identify the number of the packets 1504 transmitted from UE1 by the number. Also, there is a method to put the total data amount (total number of data bytes 1501 d) from the initiation of the communication into the packet 1501 instead of the sequence number 1501 c, as shown in FIG. 27. Further, there is a method to put both the sequence number 1501 c and the total number of data bytes 1501 d between the IP header 1501 a of the packet 1501 and the data 1501 d of the packet 1501 as an extended header.

In the above, description has been given on a method, by which ACGW 105 can identify the sequence number (number of packets) between UE-UE or data amount according to the packets from UE1 and UE2, while still another method may be used, by which a report from E-Node B 103 is received. Also, in the above, description has been given on a method, in which the types of information such as the number of packets, data amount, etc. are added to each packet to be transmitted by UE, while a method may be used, by which information such as the number of packets, data amount, etc. is periodically notified to ACGW by UE.

Next, referring to FIG. 28, description will be given on a case where the key data is transmitted from UE1 to UE2. When the key data is transmitted to UE2, UE1 prepares a packet 1501 addressed to UE2 (g_UE2). This packet 1501 addressed to UE2 is encapsulated with the packet 1502 addressed to ACGW (l_ACGW), and it is transmitted. ACGW 105 confirms the content of the packet 1501 addressed to UE2. If the key data is contained in it, the key data is acquired and is held.

In order that ACGW 105 and the receiving side UE (UE2) can judge whether the key data is contained in the packet transmitted from UE1 or not, there are following methods:

- A number is defined, which indicates that the key data is newly included in protocol number of the IP header. According to this method, it can be judged whether the key data is included or not by simply confirming the protocol number of the IP header. As an extension of this method, there is a method to define the extended header, which indicates that the key data is included.
- An option for the key data is newly defined for the purpose of transporting the key data using a destination optional extended header. By this method, it can be judged whether the key data is included or not by simply scanning over the destination optional extended header.

The general concept of these cases is shown conceptually in FIG. 29. There is information 1501 e, which indicates that the key data is included subsequent to the IP header 1501 a, and a key data 1501 f is included after it. Also, there is a method to transmit the key data by using TCP (Transmission Control Protocol) or UDP (User Datagram Protocol), or a method to perform communication by using ICMP (Internet Control Message Protocol). In such case, ACGW 105 performs the scanning into TCP or UDP, analyzes the message and takes out the key data.
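As an added illustration of the destination-option method (not part of the patent text), the following parser scans an IPv6 Destination Options header for a key-data option and rejects malformed lengths. The option type 0x1E (an RFC 4727 experimental value) and the SPI-plus-key option layout are assumptions; the patent defines neither.

```python
import struct

KEY_DATA_OPT = 0x1E        # hypothetical: an RFC 4727 experimental option type
PAD1, PADN = 0x00, 0x01    # standard IPv6 padding options


def build_dest_opts(next_header, options):
    """Encode (type, data) options into a Destination Options header.

    The header is padded to a multiple of 8 octets, as IPv6 requires.
    """
    body = b""
    for opt_type, data in options:
        if len(data) > 255:
            raise ValueError("option data too long")
        body += bytes([opt_type, len(data)]) + data
    pad = -(2 + len(body)) % 8
    if pad == 1:
        body += bytes([PAD1])
    elif pad > 1:
        body += bytes([PADN, pad - 2]) + bytes(pad - 2)
    # Hdr Ext Len counts 8-octet units, not including the first 8 octets.
    return bytes([next_header, (2 + len(body)) // 8 - 1]) + body


def find_key_data(header):
    """Return (spi, key) if a key-data option is present, else None.

    Raises ValueError on a truncated header or an option that overruns it,
    so a malformed packet is never partially interpreted.
    """
    if len(header) < 8:
        raise ValueError("header shorter than 8 octets")
    total = (header[1] + 1) * 8
    if len(header) < total:
        raise ValueError("header truncated")
    i = 2
    while i < total:
        opt_type = header[i]
        if opt_type == PAD1:           # Pad1 is a single octet with no length
            i += 1
            continue
        if i + 2 > total:
            raise ValueError("option header truncated")
        start = i + 2
        end = start + header[i + 1]
        if end > total:
            raise ValueError("option overruns header")
        if opt_type == KEY_DATA_OPT:
            data = header[start:end]
            if len(data) < 5:          # assumed layout: 4-octet SPI + key
                raise ValueError("key-data option too short")
            (spi,) = struct.unpack("!I", data[:4])
            return spi, data[4:]
        i = end
    return None
```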

In the above, description has been given on a method, according to which UE1 prepares the packet 1501 to transmit to UE2 for the purpose of transmitting the key data to UE2, and ACGW 105 acquires the key data when the packet 1501 is analyzed. In addition to this method, there is a method, according to which UE1 transmits the key data to ACGW 105 and ACGW 105 transfers it to UE2. In this case, also, the key data is transferred as described above. In the above, description has been given on a method to transmit the key data from UE1 to UE2 via ACGW 105.

<Example of Data Division>

Next, description will be given on an example of data division. As an example of data division, description will be given now on a case where scalable audio coding is used. Scalable audio coding is a coding method to divide the sound into fundamental audio data and data for tone quality improvement at the time of coding of audio data. In the prior art, the Non-Patent Document 3, the Patent Document 1, etc. are known, for instance. In the Non-Patent Document 3, an example is described, in which broad-band sound (~7 kHz) is divided into low frequency signal (~4 kHz) and high frequency signal (4 kHz~7 kHz). Also, in the Patent Document 1, an example is given, in which the sound range is divided into three. By using the scalable audio (sound) coding method, two effects can be obtained. One effect is that, even when the extended data may be lost, the sound can be reproduced if fundamental audio data reaches the receiving side. The other effect is that, even when the extended data may reach, sound cannot be reproduced on the receiving side if the fundamental audio (sound) data does not reach.

On these two effects, it is described in the Non-Patent Document 3 (p. 1108) as follows:

“Even when the coding strings of tone quality guarantee extended codec or high frequency range codec may fall off due to packet loss, audio signal of narrow-band range can be decoded if the coding strings of the core codec have reached, and sound interruption can be prevented. However, if the packet to store the coding strings of the core codec falls off due to packet loss, the sound cannot be reproduced.”

Also, in the Patent Document 1 (columns 0017, 0023 and 0025), it is described as follows: “When the data processed by the scalable audio coding is transmitted in packets, the fundamental audio data and the extended data for tone quality improvement are transmitted separately in different packets so that the fundamental audio data may not be lost during communication, and the priority of the packet is increased so that the fundamental audio data may not be lost during communication.”

On the other hand, according to the present invention, in the concrete example of the first embodiment and in the variation examples of the first and the second embodiments, the fact that the sound cannot be reproduced if the fundamental audio data is not available is positively utilized. According to the present invention, the transmitted audio data is divided into the fundamental audio data and the extended data for tone quality improvement by the scalable audio coding at the transmitting side UE 101, and the fundamental audio data is transmitted to the receiving side UE 102 via ACGW 105 and the extended data is transmitted via the route passing through E-Node B 103. The receiving side UE 102 cannot reproduce the sound unless the fundamental audio data reaches it via ACGW 105. As the new effects of the present invention, ACGW 105 can perform lawful interception when necessary because the fundamental audio data is sent via ACGW 105.

<The Important Point>

(1) The transmitting side UE 101 transmits the audio data to the correspondent, i.e. the receiving side UE 102, by using packets. In this case, the audio data is encoded by using scalable audio coding and it is transmitted as packet data. According to the scalable audio coding, the audio data is divided into fundamental audio data and the extended audio data. The transmitting side UE 101 transmits the fundamental audio data indispensable for sound reproducing via ACGW 105 and the extended audio data for tone quality improvement via the route to and from E-Node B 103. Because the fundamental audio data is less in the amount compared with the case where total audio data is transmitted, it is possible to decrease the data amount sent via the route passing through E-Node B 103 and ACGW 105. Further, as a new effect, even when there is only the fundamental audio data, the sound can be reproduced although tone quality may be deteriorated. Thus, when it is necessary to perform lawful interception at ACGW 105, the lawful interception can be initiated in easier manner.

<Variations of the Packet Transmitting Method to Send Audio Data>

- To be applied to a method to divide the contents of the packet (concrete example of the first embodiment)

First, the total audio data including the fundamental audio data and the data for tone quality improvement as processed by the scalable audio coding is placed into one packet. Then, the fundamental audio data and the data for tone quality improvement are divided respectively, and each of these divided data is transmitted via ACGW 105 and via the route to and from E-Node B 103 respectively.

- To be applied to a method, in which packets are prepared and transmitted separately (variation examples of the first embodiment and the second embodiment)

The audio data is processed by scalable coding, and the fundamental audio data and the data for tone quality improvement are placed into different packets respectively and are transmitted. Instead of the key data in the second embodiment, a packet with the fundamental audio data is transmitted via ACGW 105 and a packet with the data for tone quality improvement is transmitted via the route to and from E-Node B 103.

<Effects>

By reducing the amount of the data to be transmitted between E-Node B 103 and ACGW 105, the resources of core network can be effectively utilized. To ACGW 105, only the fundamental audio data processed by scalable audio coding is sent. However, lawful interception can be performed even when there is only the fundamental audio data. Thus, an effect is provided, by which lawful interception can be started in easier manner at ACGW 105 when it is necessary.

Embodiment

First, description will be given on a method to divide audio data by using scalable audio coding. Then, description will be given on a method to transmit the audio data by packets. In FIG. 30, a coding device 2000 at a transmitting side communication device encodes the input audio data (PCM data) from a microphone (MIC), an A/D converter, and a band division filter by scalable audio coding method. By the scalable audio coding method, audio data is encoded at a fundamental audio data encoder 2001 and an extended audio data encoder 2002, and the fundamental audio data and the extended audio data are generated. The fundamental audio data encoder 2001 and the extended audio data encoder 2002 have different sampling frequencies used for coding. Low frequency components are encoded as fundamental audio data, and high frequency components are encoded as extended audio data. By inputting the coding data of the fundamental audio data to the extended audio data encoder 2002, an extended audio data, which is a “difference data” from the fundamental audio data, is generated. The transmitting side communication device prepares packets from the encoded audio data by a packet transmitter 2003, and the packets are transmitted to a receiving side communication device (decoding device 2010). The transmitted packets reach the receiving side communication device via IP network or radio network.

The decoding device 2010 at the receiving side communication device receives the packet at a packet receiver 2011 and delivers the encoded audio data to a fundamental audio data decoder 2012 and an extended audio data decoder 2013 respectively. Upon receipt of the output from the fundamental audio data decoder 2012, the extended audio data is decoded at the extended audio data decoder 2013. The receiving side communication device synthesizes the outputs from the fundamental audio data decoder 2012 and the extended audio data decoder 2013 by an adder 2014, and the decoded sound (PCM data) is reproduced via a D/A converter and a speaker (SP) (not shown).

Next, description will be given on a packet transmitting method of the data, which has been processed by scalable audio coding. There are two packet transmitting methods to transmit the audio encoded data in packets: One is a method to be applied to a procedure, in which the fundamental audio data and the extended data are placed in one packet. In this case, similarly to the first embodiment, the fundamental audio data is cut off from the packet to be transmitted, and the fundamental audio data thus cut off is transmitted via ACGW 105. The other is applied to a procedure, in which the fundamental audio data and the extended data are placed into different packets. In this case, instead of the key data in the second embodiment, a packet with the fundamental audio data is transmitted via ACGW 105.

First, referring to FIG. 31, description will be given on a method to place the fundamental audio data and the extended data in one packet. To store the audio data 2020 to be transmitted from the transmitting side communication device (UE 101) to the receiving side transmitting device (UE 102) into a packet 2021, an extended audio data 2020 b is placed subsequent to the fundamental audio data 2020 a as shown in FIG. 31. Destination address of this packet 2021 at an IP header 2021 a is UE (local address). The fundamental audio data 2020 a is cut off from this packet 2021, and an IP header 2022 a and a second RP header 2022 b are added to the fundamental audio data 2020 a thus cut off. Destination address of the newly added IP header 2022 a is UE (local address). The newly generated packet 2022 is encrypted and addressed to ACGW 105 (2023 in FIG. 31), and an IP header 2024 a and an IPsec ESP extended header (simply referred as “ESP header” in FIG. 31) 2024 b are added. The newly generated packet 2024 is transmitted to ACGW 105, and the packet reaches the receiving side communication device (the receiving side UE 102) via ACGW 105.

On the remaining packet 2025 after the cutting of the fundamental audio data 2020 a, a first RP header 2026 b is added to the cut-off portion 2025 b. This packet is sent via a route to and from the E-Node B 103 and reaches the receiving side communication device (the receiving side UE 102). This packet 2026 containing the extended audio data may not be encrypted because it is not possible to reproduce the sound from the extended audio data alone. In the above, description has been given on an example where the fundamental audio data 2020 a is cut off, while the data to be cut off may be all of the fundamental audio data 2020 a and a part of the extended audio data 2020 b. Although the effects of lawful interception at ACGW 102 cannot be obtained, the cut-off data portion may be only a part of the fundamental audio data 2020 a. Even in this case, the effect can be provided that the sound cannot be reproduced unless both of these data are available at the receiving side.

Next, referring to FIG. 32, description will be given on a case where the fundamental audio data 2020 a and the extended audio data 2020 b are placed in different packets. The transmitting side communication device (the transmitting side UE 101) stores the fundamental audio data 2020 a and the extended audio data 2020 b into different IP packets 2030 and 2033 respectively. Destination address of each of these IP packets 2030 and 2033 is the transmitting side UE 102 (local address). The packet 2030 containing the fundamental audio data 2020 a is encrypted for ACGW 105 (2031 in FIG. 32). Further, an IP header 2032 a and an IPsec ESP header (simply referred as “ESP header” in FIG. 32) 2032 b are added. The encrypted packet 3032 containing the fundamental audio data 2031 reaches the receiving side UE 102 via ACGW 105. Each of the packets 2033 and 2034 containing the extended audio data 2020 b is sent via the route to and from E-Node B 103 and reaches the receiving side UE 102. These packets 2033 and 2034 containing the extended audio data 2020 b may not be encrypted. (The packets 2033 and 2034 are the same). This is because the sound cannot be reproduced if there is only the extended audio data 2020 b.

In the configuration of the transmitting units of UE 101 and UE 102, by providing the coding device 2000 as shown in FIG. 30 in the data preparing unit 601 (and the packet preparing unit 602) as shown in FIG. 6, the fundamental audio data 2020 a and the extended audio data 2020 b can be separately transmitted by the method to transmit by dividing the inner portion of the packet and the method to transmit in individually separated packets. In the configuration of the receiving units of UE 101 and UE 102, by providing the decoding device 2010 shown in FIG. 30 in the received packet processing unit 1406 of FIG. 14, the fundamental audio data 2020 a and the extended audio data 2020 b divided by the method as given above can be decoded and synthesized. Further, at ACGW 105, sound reproduction processing for lawful interception can be carried out at the packet transfer processing unit 1104 as shown in FIG. 11.

Other Embodiments

The present invention can be applied to a case where not only audio data but also image data are included. For instance, when MPEG2 is used, only the I picture, which is intra-frame coding data, is transmitted via ACGW 105, and P and B pictures, which are inter-frame difference prediction coding data, are transmitted via the route to and from E-Node B 103. When MPEG4 or H.264/AVC is used, only the I slice, which is intra-screen production coding data, is transmitted via ACGW 105, and P and B slices, which are inter-screen difference prediction coding data, are transmitted via the route to and from E-Node B 103. Because P and B pictures (P and B slices) are difference data, the receiving side UE 102 cannot decode them unless the I picture (I slice) is available, but the I picture (I slice) can be decoded by itself, and ACGW 105 can lawfully intercept it. It is prescribed in MPEG2 that the foremost frame of 15 frames must be an I picture. Thus, only the I picture of the foremost frame is transmitted via ACGW 105, so that the network resources can be efficiently utilized and the burden on ACGW 105 can be reduced.
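The routing rule of this embodiment, as an added example that is not part of the patent text: a Python sketch that sends I pictures via ACGW 105 and P and B pictures via E-Node B 103, then reports the byte share crossing the ACGW and which frames each party can decode from what it holds. The frame sizes, the B/P pattern inside each 15-frame group, and the simplified rule that a frame is decodable only when its group's I picture is present are assumptions.

```python
from collections import namedtuple

# Hypothetical frame record: sequence number, picture type, size in bytes.
Frame = namedtuple("Frame", "seq kind size")

VIA_ACGW = "via ACGW 105"
VIA_ENODEB = "via E-Node B 103"
GOP = 15  # the text's "foremost frame of 15 frames" is an I picture

def make_gop_stream(n_frames, sizes=None):
    """Constructed sample stream: I at the head of each group, then B B P ..."""
    sizes = sizes or {"I": 12000, "P": 4000, "B": 1500}  # constructed sizes
    frames = []
    for seq in range(n_frames):
        pos = seq % GOP
        kind = "I" if pos == 0 else ("P" if pos % 3 == 0 else "B")
        frames.append(Frame(seq, kind, sizes[kind]))
    return frames

def route(frame):
    """Intra-coded data goes through the control device, difference data does not."""
    return VIA_ACGW if frame.kind == "I" else VIA_ENODEB

def split(frames):
    """Sender side: divide the stream into the two routes."""
    routes = {VIA_ACGW: [], VIA_ENODEB: []}
    for f in frames:
        routes[route(f)].append(f)
    return routes

def acgw_share(frames):
    """Fraction of payload bytes that still crosses the ACGW."""
    total = sum(f.size for f in frames)
    return sum(f.size for f in frames if route(f) == VIA_ACGW) / total

def decodable(received):
    """Simplified model: a frame decodes only if its group's I picture arrived."""
    groups_with_i = {f.seq // GOP for f in received if f.kind == "I"}
    return sorted(f.seq for f in received if f.seq // GOP in groups_with_i)

def merge(routes):
    """Receiver side: synthesize both routes back into sequence order."""
    return sorted(routes[VIA_ACGW] + routes[VIA_ENODEB], key=lambda f: f.seq)

if __name__ == "__main__":
    stream = make_gop_stream(30)
    parts = split(stream)
    print("ACGW byte share: %.1f%%" % (100 * acgw_share(stream)))
    print("ACGW alone decodes:", decodable(parts[VIA_ACGW]))
    print("E-Node B route alone decodes:", decodable(parts[VIA_ENODEB]))
    print("receiver decodes:", len(decodable(merge(parts))), "frames")
```

In this model an observer holding only the E-Node B route decodes nothing, while the ACGW decodes one frame per group, which is the property the embodiment relies on for lawful interception.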

In the embodiments as described above, description has been given by taking an example on ACGW 105 and E-Node B 103 in the 3rd Generation Partnership Project (3GPP®), while the present invention can be applied to the other systems, too. For example, ACGW 105 and E-Node B 103 can be applied to an access controller and an access point in IEEE 802.11 respectively. Also, ACGW 105 and E-Node B 103 can be applied respectively to an access controller in CAPWAP (Control and Provisioning of Wireless Access Points) and a WTP (Wireless Termination Point).

RFC 4118: “Architecture Taxonomy for Control and Provisioning of Wireless Access Points (CAPWAP)”; http://www.jetf.org/rfc/rfc4118.txt.

In the above, description has been given on a case where UE 101 and UE 102 are connected to the same E-Node B 103, but it is not limited to the E-Node B devices 103, which are physically the same. Even when these are E-Node B devices physically different from each other, this can be applied to a case where the E-Node B devices are logically the same. In such case, the data sent via the route to and from E-Node B can be transmitted to the receiving side UE 102 after it has been transmitted between two or more E-Node B devices. Even in this case, the effects of the present invention to reduce the amount of packet data to be transmitted between E-Node B and ACGW 105 can be equally provided. In the environment where the architecture of the 3rd Generation Partnership Project and the architecture of the wireless LAN co-exist, a network can be established where E-Node B, Access Point, WTP, etc. are present in mixed state. Even in such a network, the invention can be applied by limiting to only a part of the data to be transmitted to ACGW or access controller and by sending most of the other data via the route to and from E-Node B, Access Point, and WTP.

Each functional block used in the description of the embodiments as described above can be realized as LSI, which is typically represented by an integrated circuit. These may be manufactured each as one chip or may be produced as one chip including a part or all. Here, it is referred to as LSI, while it may be called IC, system LSI, super LSI or ultra LSI, depending on the degree of integration. The technique to use the integrated circuit is not limited to LSI, and it may be realized as a dedicated circuit or a general-purpose processor. After manufacturing LSI, FPGA (Field Programmable Gate Array), which can be programmed, or a reconfigurable processor may be used, in which the connection and the setting of circuit cells inside LSI can be reconfigured. Further, if a new technique of circuit integration to replace LSI may emerge as the result of the progress of the semiconductor technique or other techniques derived from it, the functional block may be integrated by using such technique. For instance, the application of biotechnology is one of such possibilities.

INDUSTRIAL APPLICABILITY

According to the present invention, network resources can be efficiently utilized when radio terminals on the transmitting side and the receiving side are connected to a radio relay device and the burden on the control device can be reduced. Also, the effects can be provided so that the control device can control the communication of radio terminal, and it can be used in the networks such as 3GPP (registered trademark), IEEE 802.11, CAPWAP (Control and Provisioning of Wireless Access Points), etc.

1. A communication terminal for communicating to a corresponding communication terminal connected to a same base station as the communication terminal is connected to, the communication terminal comprising: a dividing unit configured to divide a transmission packet addressed to the corresponding communication terminal into a first packet to be transmitted via a route not passing through a control device, and a second packet to be transmitted via the control device, the control device managing the communication between the communication terminal and the corresponding communication terminal; and a sending unit configured to send the first packet directly to the corresponding communication terminal, and send the second packet to the corresponding communication terminal via the control device.

2. The communication terminal according to claim 1, wherein the dividing unit starts dividing the transmission packet when the communication terminal receives, from the control device, an instruction to start a direct communication.

3. The communication terminal according to claim 2, wherein the instruction to start the direct communication includes an address of the corresponding communication terminal.

4. The communication terminal according to claim 1, wherein the communication terminal sends the first packet directly to the corresponding communication terminal using a security association established between the communication terminal and the corresponding communication terminal.

5. The communication terminal according to claim 4, wherein the communication terminal sends key information used for the security association to the corresponding communication terminal via the control device by including the key information in the second packet.

6. The communication terminal according to claim 1, wherein the dividing unit encrypts the transmission packet, generates the first packet including a remaining data portion after cutting of the encrypted transmission packet, and generates the second packet including a cut-off data portion after the cutting of the encrypted transmission packet.

7. A control device for managing a communication between a communication terminal and a corresponding communication terminal connected to a same base station as the communication terminal is connected to, the control device comprising: a receiving unit configured to receive a second packet from the communication terminal via the base station, the communication terminal dividing a transmission packet addressed to the corresponding communication terminal into a first packet to be transmitted via a route not passing through the control device, and the second packet to be transmitted via the control device; a sending unit configured to send the second packet to the corresponding communication terminal via the base station; and a managing unit configured to manage the communication based on the second packet.

8. The control device according to claim 7, wherein the transmission packet is encrypted and the encrypted transmission packet is divided into the first and second packets by generating the first packet including a remaining data portion after cutting of the encrypted transmission packet and by generating the second packet including a cut-off data portion after the cutting of the encrypted transmission packet.

9. The control device according to claim 7, wherein the managing unit identifies a traffic amount regarding the communication by obtaining information from the second packet.

10. The control device according to claim 7, further comprising a connecting state detecting unit configured to check a connecting state between the communication terminal and the corresponding communication terminal, and send, to the communication terminal, an instruction to start a direct communication.

11. The control device according to claim 10, wherein the connecting state detecting unit checks the connecting state by sending an inquiry message to each of the communication terminal and the corresponding communication terminal as to whether to have capability for the direct communication, and wherein the connecting state detecting unit sends the instruction to start the direct communication in case of receiving a response message indicating that each of the communication terminal and the corresponding communication terminal has capability for the direct communication as a response to the inquiry message.

12. The control device according to claim 7, wherein the managing unit further identifies a traffic amount regarding the communication based on the first packet, the first packet being periodically copied and transferred to the control device by the base station.

13. The control device according to claim 12, wherein the connecting state detecting unit sends, to both the communication terminal and the corresponding communication terminal, instructions to terminate the direct communication when the control device detects that a period of not receiving the first packet from the base station exceeds a certain value.

14. The control device according to claim 10, wherein the connecting state detecting unit sends, to both the communication terminal and the corresponding communication terminal, instructions to terminate the direct communication when the control device detects that at least one of the communication terminal and the corresponding communication terminal changes a connection to the base station into a connection to another base station.

15. A base station for transferring a packet regarding a communication between a communication terminal and a corresponding communication terminal to a control device which manages the communication, the communication terminal and the corresponding communication terminal being connected to the base station.